Lucene search
K

1719 matches found

Cvelist
Cvelist
added 2013/07/11 10:0 p.m.38 views

CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

8.9AI score0.09511EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2013/07/11 12:13 a.m.7 views

RichFaces: Remote code execution due to insecure deserialization

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...

7.5CVSS7.8AI score0.12662EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/07/10 11:54 p.m.5 views

RichFaces: Remote code execution due to insecure deserialization

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBo...

7.5CVSS7.8AI score0.12662EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2013/04/04 12:0 a.m.4 views

Oracle Java Security Slider Feature Bypass (CVE-2013-1489)

A security feature bypass vulnerability has been reported in Oracle Java JRE. The vulnerability occurs when a serialized class is loaded via the applet tag object attribute. A remote attacker can exploit this vulnerability to bypass warning prompts by enticing user to open a Java applet embedded ...

6.2AI score0.07641EPSS
Exploits0
NVD
NVD
added 2013/03/20 4:55 p.m.20 views

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS9.6AI score0.04558EPSS
Exploits0References7
OSV
OSV
added 2013/03/20 4:55 p.m.2 views

DEBIAN-CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS8AI score0.04558EPSS
Exploits0References1
OSV
OSV
added 2013/03/20 4:55 p.m.9 views

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS7.4AI score0.04558EPSS
Exploits0References7
Prion
Prion
added 2013/03/20 4:55 p.m.23 views

Code injection

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS9.5AI score0.04558EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2013/03/20 4:0 p.m.34 views

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

9.5AI score0.04558EPSS
Exploits0References7
CVE
CVE
added 2013/03/20 4:0 p.m.115 views

CVE-2013-1655

CVE-2013-1655 affects Puppet with Ruby 1.9.3+ and is triggered via serialized attributes to allow remote code execution. Public sources identify Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1 as vulnerable, with implications of remote code execution by unauthenticated attackers and potential d...

7.5CVSS8.1AI score0.04558EPSS
Exploits0References7Affected Software3
Debian CVE
Debian CVE
added 2013/03/20 4:0 p.m.35 views

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS7.9AI score0.04558EPSS
Exploits0
Ubuntu
Ubuntu
added 2013/03/12 7:42 p.m.52 views

USN-1759-1: Puppet vulnerabilities

It was discovered that Puppet agents incorrectly handled certain kick connections in a non-default configuration. An attacker on an authenticated client could use this issue to possibly execute arbitrary code. CVE-2013-1653 It was discovered that Puppet incorrectly handled certain catalog request...

9CVSS7.8AI score0.05375EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/03/12 6:0 p.m.28 views

CVE-2013-1655

Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...

7.5CVSS7.5AI score0.04558EPSS
Exploits0References2
seebug.org
seebug.org
added 2013/03/07 12:0 a.m.81 views

Ruby on Rails 远程代码执行漏洞(CVE-2013-0277)

BUGTRAQ ID: 57898 CVECAN ID: CVE-2013-0277 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.x、2.3.x中的活动记录允许远程攻击者通过特制的序列化属性造成拒绝服务或执行任意代码,这些特制的属性可造成+serialize+ helper反序列化任意YAML。 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 2.3.x 厂商补丁: Ruby on Rails...

10CVSS0.2AI score0.07497EPSS
Exploits1
Prion
Prion
added 2013/03/05 5:2 a.m.16 views

Design/Logic Flaw

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors...

9.3CVSS8AI score0.03867EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/03/02 9:0 p.m.26 views

CVE-2012-4858

IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors...

7.5AI score0.03867EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/03/01 12:0 a.m.44 views

Mandriva Linux Security Advisory : php (MDVSA-2013:016)

Multiple vulnerabilities has been discovered and corrected in php : PHP does not validate the configration directive soap.wsdlcachedir before writing SOAP wsdl cache files to the filesystem. Thus an attacker is able to write remote wsdl files to arbitrary locations CVE-2013-1635. PHP allows the u...

7.5CVSS8.7AI score0.10136EPSS
Exploits0References3
OSV
OSV
added 2013/02/13 1:55 a.m.3 views

DEBIAN-CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.5AI score0.07497EPSS
Exploits1References1
OSV
OSV
added 2013/02/13 1:55 a.m.11 views

CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.5AI score0.07497EPSS
Exploits1References11
NVD
NVD
added 2013/02/13 1:55 a.m.28 views

CVE-2013-0277

ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...

10CVSS7.6AI score0.07497EPSS
Exploits1References11
Rows per page
Query Builder