ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Thu Jul 28 00:56:05 2016 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder en http://blogs.law.harvard.edu/tech/rss

ZDI-16-448: Oracle Java MethodHandle Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/I60Xy-3L2po/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-448/

ZDI-16-447: Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/0gTXWtwN3xc/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-447/

ZDI-16-446: Oracle Java MethodHandles dropArguments Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ZW3bWzocSwQ/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-446/

ZDI-16-445: Oracle Java MethodHandles filterReturnValue Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LAOO9g-Kie8/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-445/

ZDI-16-444: Oracle WebLogic PartItem Arbitrary File Upload Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/QG_RHqC23lM/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-444/

ZDI-16-443: Oracle WebLogic JBoss Interceptors Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/e6jkXAeBkrU/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-443/

ZDI-16-442: Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/TCwnOcdVXPk/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Glassfish Server. Authentication is not required to exploit this vulnerability.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-442/

ZDI-16-441: Oracle WebLogic JtaTransactionManager Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-xqZ320TeKY/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.
Thu, 21 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-441/

ZDI-16-440: Schneider Electric SoMachine HVAC AxEditGrid ActiveX Control SetDataIntf Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/gfpacx87980/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric SoMachine HVAC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 20 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-440/

ZDI-16-439: Apple OS X ACMP4AACBaseDecoder Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LmYXMXjUWPw/
This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 20 Jul 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-439/