81 matches found
Deserialization of untrusted data
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization...
CVE-2020-25260
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization...
CVE-2020-25260
CVE-2020-25260 affects Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below, and 20.3.10.1000 and below. The issue arises from unsafe JSON deserialization, allowing remote attackers to execute arbitrary code. Connected documents confirm the root cau...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
CVE-2019-18935 Telerik UI for ASP.NET AJAX RadAsyncUpload Han...
CVE-2018-21234
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set...
Remote Code Execution (RCE)
jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the deserialization of a JSON payload that uses the br.com.anteros.dbcp.AnterosDBCPConfig gadget...
Remote Code Execution (RCE)
jackson-databind is vulnerable to remote code execution (RCE). The vulnerability exists through the deserialization of a JSON payload that uses the com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig gadget...
Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax
CVE-2019-18935 Proof-of-concept exploit for a .NET JSON deser...
CVE-2019-16891
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload...
PT-2019-14848 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal CE version 6.2.5. Description: The issue allows remote command execution due to deserialization of a JSON payload. Recommendations: For Liferay Portal CE version 6.2.5, update to a version that includes a fix for this issue, as...
Remote Code Execution Via JSON Deserialization
jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...
Arbitrary Code Execution
cryo is vulnerable to arbitrary code execution attacks. The attack is possible when JSON is deserialised into an object and the JSON contains a function, allowing a malicious user with access to the JSON to execute arbitrary code through the deserialization of the function...
CVE-2017-9785
Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse has Remote Code Execution via Deserialization of JSON data in a CSRF Cookie...
CVE-2017-9424
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization...
Deserialization of untrusted data
IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization...