5 matches found
HPE Systems Insight Manager AMF Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE Systems Insight Manager AMF Deserialization RCE', 'Description' = %q A remotely exploitable vulnerability exists within HPE System Insight...
HPE Systems Insight Manager AMF Deserialization Remote Code Execution Exploit
A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The...
U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf
The vulnerability was an unsafe AMF (Action Message Format) deserialization issue in Apache Flex BlazeDS, affecting the /daip/messagebroker/amf endpoint. Successful exploitation could allow an attacker to trigger a DNS lookup by sending a crafted AMF payload. The vulnerability was identified and...
Red5 Media Server Code Execution Vulnerability
Red5 Media Server is a free, open source streaming media server. A security vulnerability exists in the AMF unmarshallers in Red5 Media Server versions prior to 1.0.8, which stems from the program not restricting classes when performing deserialization. A remote attacker can exploit this...
Remote Code Execution (RCE) Via Deserialization Of Untrusted Data
flex-messaging-core is vulnerable to remote code execution (RCE) via deserialization of untrusted data. The vulnerability is possible because of a flaw in AMF deserialization using Externalizable.readExternal(ObjectInput), allowing attackers to request an RMI remote object from the endpoint and...