768 matches found

Metasploit
added 2025/04/03 6:53 p.m. · 705 views

Tomcat Partial PUT Java Deserialization

This module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the /webapps/ROOT/ directory. For the exploit to succeed, writes must be...

CVSS 10 · AI score 8.7 · EPSS 0.9413
Exploits 44
Packet Storm
added 2025/04/03 12:00 a.m. · 405 views

Tomcat Partial PUT Java Deserialization

This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...

CVSS 9.8 · AI score 9 · EPSS 0.9413
Exploits 44
RedHat Linux
added 2025/02/24 12:08 a.m. · 2 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8 · AI score 6.8 · EPSS 0.05991
Exploits 1 · References 5
RedHat Linux
added 2025/02/24 12:08 a.m. · 3 views

mina-sshd: Java unsafe deserialization vulnerability

A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...

CVSS 9.8 · AI score 6.8 · EPSS 0.05991
Exploits 1 · References 5
Tenable Nessus
added 2025/02/11 12:00 a.m. · 9 views

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (cisco-sa-ise-multivuls-FTW9AOXF)

According to its self-reported version, Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities is affected by multiple vulnerabilities. - A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary comman...

CVSS 9.9 · AI score 9.2 · EPSS 0.09507
Exploits 5 · References 5
The Hacker News
added 2025/02/06 7:40 a.m. · 42 views

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below: CVE-2025-20124 (CVSS score: 9.9), an insecure Java...

CVSS 9.9 · AI score 8.7 · EPSS 0.09507
Exploits 5
Vulnrichment
added 2025/02/05 4:12 p.m. · 17 views

CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

CVSS 9.9 · AI score 7.8 · EPSS 0.09507
Exploits 4 · References 1
Cvelist
added 2025/02/05 4:12 p.m. · 22 views

CVE-2025-20124 Cisco Identity Services Engine Java Deserialization Vulnerability

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit...

CVSS 9.9 · EPSS 0.09507
Exploits 4 · References 1
RedHat Linux
added 2025/02/05 1:53 p.m. · 4 views

mina-core: Apache MINA: applications using unbounded deserialization may allow RCE

A flaw was found in Apache MINA. The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sendin...

CVSS 10 · AI score 7.8 · EPSS 0.55384
Exploits 0 · References 5
RedhatCVE
added 2025/02/05 1:35 p.m. · 3 views

CVE-2020-26118

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...

CVSS 9 · AI score 7.1 · EPSS 0.01958
Exploits 0
RedhatCVE
added 2025/02/05 10:05 a.m. · 7 views

CVE-2024-3967

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization...

CVSS 9.8 · AI score 8.4 · EPSS 0.01374
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 1:03 a.m. · 5 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it...

CVSS 9.8 · AI score 10 · EPSS 0.79939
Exploits 0 · References 1
RedhatCVE
added 2025/02/04 10:18 p.m. · 4 views

CVE-2024-53673

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

CVSS 9.8 · AI score 7.4 · EPSS 0.00789
Exploits 0 · References 1
CNNVD
added 2024/12/25 12:00 a.m. · 2 views

Apache MINA Security Vulnerability

Apache MINA is a web application framework from the Apache USA Foundation. It is primarily used for developing high-performance and highly scalable web applications. A security vulnerability exists in Apache MINA versions 2.0.X, 2.1.X, and 2.2.X. The vulnerability stems from a lack of necessary...

CVSS 10 · AI score 7.7 · EPSS 0.55384
Exploits 0 · References 7
OSV
added 2024/11/26 10:15 p.m. · 0 views

CVE-2024-53673

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

CVSS 9.8 · AI score 5.9
Exploits 0 · References 1
NVD
added 2024/11/26 10:15 p.m. · 16 views

CVE-2024-53673

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

CVSS 9.8 · EPSS 0.00789
Exploits 0 · References 1
Cvelist
added 2024/11/26 9:45 p.m. · 18 views

CVE-2024-53673

A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code...

CVSS 8.1 · EPSS 0.00789
Exploits 0 · References 1
CVE
added 2024/11/26 9:45 p.m. · 49 views

CVE-2024-53673

The CVE-2024-53673 entry affects Hewlett Packard Enterprise Remote Insight Support (DESTA service). The ZDI advisory and related sources describe a deserialization vulnerability in DESTA that requires no authentication and can lead to remote code execution. The vulnerability arises from improper ...

CVSS 9.8 · AI score 8.3 · EPSS 0.00789
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/11/26 12:00 a.m. · 2 views

Hewlett Packard Enterprise Insight Remote Support Security Vulnerability

Hewlett Packard Enterprise Insight Remote Support (HPE Insight RS) is a software solution from Hewlett Packard Enterprise (USA) that enables passive and active remote support to improve the availability of supported systems. A security vulnerability exists in Hewlett Packard Enterprise Insight...

CVSS 9.8 · AI score 7.2 · EPSS 0.00789
Exploits 0 · References 1
Positive Technologies
added 2024/11/20 12:00 a.m. · 3 views

PT-2024-16235 · Google · Car App Android Jetpack Library

Name of the Vulnerable Software and Affected Versions: Car App Android Jetpack Library versions prior to 1.7.0-beta02 Description: The issue is related to a code execution vulnerability in the Car App Android Jetpack Library. Specifically, the CarAppService uses deserialization logic that allows...

CVSS 7.5 · AI score 7.1 · EPSS 0.00051
Exploits 0 · References 9