Showing 1 - 7 of 7

Files from Pierre Ernst

Apache XML Graphics FOP 2.1 Information Disclosure: Posted Apr 18, 2017; Authored by Pierre Ernst; Apache XML Graphics FOP versions 1.0 through 2.1 suffer from an information disclosure vulnerability.; tags | advisory, info disclosure; advisories | CVE-2017-5661; SHA-256 | 520b76c48d1f6cbd37e2e175fd011bb41c0570075c09d431c9d8d3a998a53a8a; Download | Favorite | View

Apache Ignite 1.8 XXE Injection: Posted Apr 7, 2017; Authored by Pierre Ernst; Apache Ignite versions 1.0.0-RC3 through 1.8 suffer from an arbitrary file read that can be leveraged due to an eXternal Xml Entity vulnerability.; tags | advisory, arbitrary, xxe; advisories | CVE-2016-6805; SHA-256 | 087495b3f9da905fb1b199761aceab54aedc4dac4fd57ad1a8752e7faefe80e4; Download | Favorite | View

Apache Tika 1.13 Code Execution: Posted Nov 10, 2016; Authored by Pierre Ernst; Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.; tags | advisory, java, arbitrary; advisories | CVE-2016-6809; SHA-256 | 226a436c7b3ab43566f0b5d55d84ab755d746a38d7b3256777c317a174b2d47e; Download | Favorite | View

Apache Tomcat 7.0.39 Remote Code Execution: Posted Sep 10, 2014; Authored by Mark Thomas, Pierre Ernst | Site tomcat.apache.org; In very limited circumstances, it was possible for an attacker to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP. While Remote Code Execution would normally be viewed as a critical vulnerability, the circumstances under which this is possible are, in the view of the Tomcat security team, sufficiently limited that this vulnerability is viewed as important. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.; tags | advisory, remote, code execution; advisories | CVE-2013-4444; SHA-256 | b2ea73c8b10cd079ee3352350d5c7fa19457771401cedd12bbf9a02e13493849; Download | Favorite | View

Apache Geronimo 3 RMI Classloader Exposure: Posted Jul 1, 2013; Authored by Pierre Ernst; A misconfigured RMI classloader in Apache Geronimo version 3.0 may enable an attacker to send a serialized object via JMX that could compromise the system.; tags | advisory; advisories | CVE-2013-1777; SHA-256 | 86669e472c9cf821a0760e19d102a87138e31d290ff34eba5d75915bcc9ca407; Download | Favorite | View

Apache OpenJPA 1.x / 2.x Code Execution: Posted Jun 13, 2013; Authored by Pierre Ernst; Deserialization of a maliciously crafted Apache OpenJPA object can result in an executable file being written to the file system. An attacker needs to discover an unprotected server program to exploit the vulnerability. It then needs to exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.; tags | advisory; advisories | CVE-2013-1768; SHA-256 | 32303c32cb83248176a31128df26e37e6c705dd40e339118c8a2a427536a4fa1; Download | Favorite | View

Spring Source OXM 3.0.4 Command Injection: Posted Jul 3, 2011; Authored by Pierre Ernst; Spring Source OXM when XStream and IBM JRE are used suffers from a remote OS command injection vulnerability. The author wants Packet Storm to note publicly that he did not submit this to the site but only to Bugtraq, where Packet Storm picked it up in the public domain.; tags | exploit, remote; SHA-256 | 87ba9e7c1faa828a7bd5261fd40148a23f7e54568077dfddef334890891f0765; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days