Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.
f905e5bf5433c31b6e389d1aca05670a117b1f5976e8502215745fe22fe34fc4A vulnerability in the CTCP handling allows an attacker to trick Quassel IRC into sending arbitrary commands to the IRC server. Versions before 0.3.0.2 are affected.
9b09430bab211f1afa35ab4d949fc42f6cf12feeb69eb382a6f8cd73a189cb41Various "now playing" scripts for various IRC clients allow for forced client side command execution on the IRC server in use.
b398486793abbb7db414ef4dff1653a682391861779d0b6a7e1376d93280fe7dIrcu, the open source IRC server, is susceptible to multiple vulnerabilities.
28796b1f67776e580e3299d77586a52c9cc08bbdb00476b100bf8bdec3f1d7faKonversation versions below 0.15.1 suffer from various flaws that allow for shell command injection amongst others.
1878ab58f77ea098da55b04d4e3cac28e5c15f51bc0bce5aed916d6b27a0de19
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed