Lucene search
K

1754 matches found

Cisco
Cisco
added 2018/11/07 4:0 p.m.629 views

Cisco Unity Express Arbitrary Command Execution Vulnerability

A Java deserialization vulnerability in Cisco Unity Express CUE could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

9.8CVSS3.7AI score0.87254EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2018/11/07 12:0 a.m.12 views

Apache Struts Remote Code Execution (CVE-2016-1000031)

An insecure deserialization vulnerability has been reported in Apache Struts. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library. A remote, unauthenticated attacker can exploit this vulnerability by sending a...

7.5CVSS6.2AI score0.34731EPSS
Exploits0
OSV
OSV
added 2018/09/11 1:29 p.m.36 views

CVE-2016-0750

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...

8.8CVSS7.5AI score0.02396EPSS
Exploits0References6
NVD
NVD
added 2018/08/30 2:29 p.m.17 views

CVE-2018-15691

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...

9.8CVSS9.7AI score0.16764EPSS
Exploits5References4
OSV
OSV
added 2018/08/30 2:29 p.m.4 views

CVE-2018-15691

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...

9.8CVSS6AI score0.16764EPSS
Exploits5References4
Cvelist
Cvelist
added 2018/08/30 2:0 p.m.20 views

CVE-2018-15691

Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...

9.8AI score0.16764EPSS
Exploits5References4
CVE
CVE
added 2018/08/30 2:0 p.m.78 views

CVE-2018-15691

CVE-2018-15691 affects CA Release Automation NiMi 6.5 and earlier. The root cause is insecure deserialization of a crafted serialized object, permitting potential arbitrary code execution. Documents describe a remote command execution vector via deserialization and note PoC exploits using Commons...

9.8CVSS9.7AI score0.16764EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2018/08/21 5:2 p.m.16 views

GHSA-38F5-GHC2-FCMV Code Injection in cryo

All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept js var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...

9.8CVSS5.9AI score0.03252EPSS
Exploits1References4
CNVD
CNVD
added 2018/08/21 12:0 a.m.6 views

cryo code injection vulnerability

cryo is a software package that supports the structuring of data. A code injection vulnerability exists in cryo version 0.0.6, which stems from a failure to securely implement deserialization in the program. An attacker can exploit this vulnerability to arbitrarily execute code...

9.8CVSS9.5AI score0.03252EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2018/08/20 12:0 a.m.4 views

WordPress Core Phar Insecure Deserialization

An insecure deserialization vulnerability exists in WordPress core. The vulnerability is due to the lack of input validation in PHP phar stream wrapper. Successful exploitation of this vulnerability could allow a remote authenticated attacker with at least author-level privileges to execute...

5.1AI score
Exploits0
NVD
NVD
added 2018/08/17 1:29 p.m.17 views

CVE-2018-3784

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...

9.8CVSS9.7AI score0.03252EPSS
Exploits1References1
Prion
Prion
added 2018/08/17 1:29 p.m.12 views

Deserialization of untrusted data

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...

7.5CVSS9.6AI score0.03252EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/08/17 1:29 p.m.5 views

CVE-2018-3784

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...

9.8CVSS5.9AI score0.03252EPSS
Exploits1References1
CVE
CVE
added 2018/08/17 1:0 p.m.58 views

CVE-2018-3784

CVE-2018-3784 affects cryo, a Node.js module for JSON-like serialization. The root cause is insecure deserialization, allowing an attacker to craft payloads (e.g., via proto manipulation or serialized functions) that can lead to arbitrary code execution. Several sources (NVD, CNVD, PRION, OSV) de...

9.8CVSS9.6AI score0.03252EPSS
Exploits1References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2018/07/29 12:0 a.m.17 views

Adobe ColdFusion DataServicesCFProxy Insecure Deserialization (CVE-2018-4939)

An insecure deserialization vulnerability exists in the Flex integration service of Adobe ColdFusion. The vulnerability is due to the lack of input validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS4.9AI score0.63304EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/07/18 12:0 a.m.21 views

FreeBSD : typo3 -- multiple vulnerabilities (ef013039-89cd-11e8-84e9-00e04c1ea73d)

Typo3 core team reports : It has been discovered that TYPO3's Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...

5.8AI score
Exploits0References5
NVD
NVD
added 2018/07/13 6:29 p.m.15 views

CVE-2018-1000210

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize will deserialize user-controlled types in the line "currentType = Type.GetTypenodeEvent.Tag.Substring1, throwOnError: false;" and blindly instantiates...

7.8CVSS7.7AI score0.01469EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.15 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.13 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.13 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-004...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder