JBoss EAP's JMX Invoker Servlet is exposed by default on port 8080/TCP. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects without checking the object type. This behavior can be exploited to cause a denial of service and potentially execute arbitrary code.
1402dee1010d43d2904c61bd152231b878698f6ba49611de5845ac70f3bc4052IBM WebSphere versions 7, 8, 8.5, and 9 deserialize untrusted data. This can lead to denial of service and remote code execution vulnerabilities.
bf5b14004b9ffc6d5c085efaffcaac568b0e312cb09a579f088dbe0c0dc3d9c7McAfee VirusScan Enterprise versions 8.8 and below suffer from a security restrictions bypass vulnerability.
7fdaff624d6846169b2a5cfed35b33bc6875975ce175dfcaf5a20c492bd2900csudoedit as found in sudo versions 1.7.2p5 and below fails to verify the path of the executable and therefore allows for an easy to exploit local privilege escalation vulnerability.
a12883304c4dce1e37de911cb644e89a0c117cf64d9679955b98211211bdd18aSNMPv3 HMAC validation error remote authentication bypass exploit.
92710090b7bafba96ab29015afb2d6cf4a243ec3a921c0b60182a8d8ffbdfd78
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed