Page 67 of 369 results (0.030 seconds)

CVSS: 7.5EPSS: 97%CPEs: 5EXPL: 6

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. El motor de secuencias de comandos Groovy en Elasticsearch anterior a 1.3.8 y 1.4.x anterior a 1.4.3 permite a atacantes remotos evadir el mecanismo de protección de sandbox y ejecutar comandos de shell arbitrarios a través de una secuencia de comandos manipulada. It was reported that Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. • https://www.exploit-db.com/exploits/36415 https://www.exploit-db.com/exploits/36337 https://github.com/t0kx/exploit-CVE-2015-1427 https://github.com/xpgdgit/CVE-2015-1427 https://github.com/cyberharsh/Groovy-scripting-engine-CVE-2015-1427 http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html http://packetstormsecurity.com/files/130784/ElasticSearch-Unauthenticated-Remote-Code-Execution.html http://www.elasticsearch.com/blog/elasticsearch-1-4 • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 3%CPEs: 5EXPL: 0

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos escapar del sandbox de Java y ejecutar código arbitrario a través de vectores no especificados relacionados con el gestor de seguridad. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterior a SR8-FP10, y 7R1 anterior a SR2-FP10 permite a atacantes remotos evadir los permisos de acceso y obtener información sensible a través de vectores no especificados relacionados con el gestor de seguridad. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02 •

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 3

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. libnetcore en Apple iOS anterior a 8.1.3, Apple OS X anterior a 10.10.2, y Apple TV anterior a 7.0.3 no verifica que ciertos valores tienen los tipos de datos esperados, lo que permite a atacantes ejecutar código arbitrario en un contexto _networkd a través de un mensaje XPC manipulado de una aplicación con sandbox, tal y como fue demostrado mediante la falta de verificación de un tipo de datos del diccionario de XPC. networkd is the system daemon which implements the com.apple.networkd XPC service. It's unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value. • https://www.exploit-db.com/exploits/35847 http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://packetstormsecurity.com/files/134393/Mac-OS-X-Networkd-XPC-Type-Confusion-Sandbox-Escape.html http://support.apple.com/HT204244 http://support.apple.com/HT204245 http://support.apple.com/HT204246 http://www.exploit-db.com&# • CWE-19: Data Processing Errors •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0

The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. El componente iTunes Store en Apple iOS anterior a 8.1.3 permite a atacantes remotos evadir el mecanismo de protección Safari sandbox mediante el aprovechamiento de la redirección de una URL de SSL en iTunes Store. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Apple iOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of SSL connections. The issue lies in the implicit trust of sites that offer URL redirection services. • http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html http://support.apple.com/HT204245 http://www.securitytracker.com/id/1031652 http://zerodayinitiative.com/advisories/ZDI-15-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/100533 • CWE-310: Cryptographic Issues •