1754 matches found
Cisco Unity Express Arbitrary Command Execution Vulnerability
A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...
Apache Struts Remote Code Execution (CVE-2016-1000031)
An insecure deserialization vulnerability has been reported in Apache Struts. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
CVE-2016-0750
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...
CVE-2018-15691
CVE-2018-15691 affects CA Release Automation NiMi 6.5 and earlier. The root cause is insecure deserialization of a crafted serialized object, permitting potential arbitrary code execution. Documents describe a remote command execution vector via deserialization and note PoC exploits using Commons...
GHSA-38F5-GHC2-FCMV Code Injection in cryo
All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept js var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...
cryo code injection vulnerability
cryo is a software package that supports the structuring of data. A code injection vulnerability exists in cryo version 0.0.6, which stems from a failure to securely implement deserialization in the program. An attacker can exploit this vulnerability to arbitrarily execute code...
WordPress Core Phar Insecure Deserialization
An insecure deserialization vulnerability exists in WordPress core. The vulnerability is due to the lack of input validation in PHP phar stream wrapper. Successful exploitation of this vulnerability could allow a remote authenticated attacker with at least author-level privileges to execute...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
Deserialization of untrusted data
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
CVE-2018-3784 affects cryo, a Node.js module for JSON-like serialization. The root cause is insecure deserialization, allowing an attacker to craft payloads (e.g., via proto manipulation or serialized functions) that can lead to arbitrary code execution. Several sources (NVD, CNVD, PRION, OSV) de...
Adobe ColdFusion DataServicesCFProxy Insecure Deserialization (CVE-2018-4939)
An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
FreeBSD : typo3 -- multiple vulnerabilities (ef013039-89cd-11e8-84e9-00e04c1ea73d)
Typo3 core team reports : It has been discovered that TYPO3's Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...
CVE-2018-1000210
YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...
Insecure Deserialization in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...
Insecure Deserialization in TYPO3 CMS
More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...