768 matches found

Nuclei
added 2024/11/11 8:11 p.m. | 18 views

Jenkins CLI - Java Deserialization

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...

CVSS 9.8 | AI score 8.3 | EPSS 0.94479
Exploits 36 | References 3
NCSC
added 2024/10/17 6:8 a.m. | 3 views

Vulnerability fixed in Solarwinds Web Helpdesk

Solarwinds has fixed a vulnerability in Web Helpdesk. An unauthenticated malicious person could exploit the vulnerability to execute deserialization code on the system without authentication using Java. Solarwinds developers have released a hotfix to fix the vulnerability. See attached references...

CVSS 9.8 | AI score 7.5 | EPSS 0.06312
Exploits 0 | References 1
Vulnrichment
added 2024/10/10 3:49 p.m. | 23 views

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

CVSS 9.2 | AI score 7.2 | EPSS 0.19032
Exploits 1 | References 4
CVE
added 2024/10/10 3:49 p.m. | 53 views

CVE-2023-25581

The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...

CVSS 9.2 | AI score 7.3 | EPSS 0.19032
Exploits 1 | References 4
CNNVD
added 2024/10/10 12:0 a.m. | 2 views

pac4j Code Issue Vulnerability

pac4j is a simple yet powerful Java security engine from pac4j open source. It is used to authenticate users, obtain their profiles and manage authorizations to protect Web applications and Web services. A code issue vulnerability exists in pac4j versions prior to 4.0.0 that stems from being...

CVSS 9.2 | AI score 7.5 | EPSS 0.19032
Exploits 1 | References 5
IBM Security Bulletins
added 2024/08/26 4:50 p.m. | 19 views

Security Bulletin: IBM SPSS Statistics not affected: "Java deserialization filters (JEP 290) ignored during IBM ORB deserialization"

Summary: This vulnerability in the JRE does not affect Statistics. IBM SPSS Statistics does not use the Internet Inter-ORB Protocol (IIOP) for interprocess communication. Instead it uses its own proprietary messaging architecture. Also, users who configure SSL for client-server installations are als...

AI score 6.8
Exploits 0 | Affected Software 1
NCSC
added 2024/08/22 1:5 p.m. | 4 views

Vulnerabilities fixed in Solarwinds Web Helpdesk

Solarwinds fixed vulnerabilities in Web Helpdesk. A malicious party can exploit the vulnerabilities to execute code on the system using Java deserialization. A malicious party can also use hardcoded credentials to gain access to data and functionality. Solarwinds developers have released a hotfix ...

CVSS 9.8 | AI score 7.9 | EPSS 0.9429
Exploits 5 | References 1
OSV
added 2024/08/13 11:15 p.m. | 0 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVSS 9.8 | AI score 5.8 | EPSS 0.79939
Exploits 0 | References 3
NVD
added 2024/08/13 11:15 p.m. | 24 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVSS 9.8 | EPSS 0.79939
Exploits 0 | References 3
Cvelist
added 2024/08/13 10:6 p.m. | 29 views

CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVSS 9.8 | EPSS 0.79939
Exploits 0 | References 2
Vulnrichment
added 2024/08/13 10:6 p.m. | 36 views

CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

CVSS 9.8 | AI score 7.7 | EPSS 0.79939
Exploits 0 | References 2
CNNVD
added 2024/08/13 12:0 a.m. | 2 views

SolarWinds Web Help Desk Code Issue Vulnerability

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A code issue vulnerability exists in SolarWinds Web Help Desk 12.8.3 and...

CVSS 9.8 | AI score 8.3 | EPSS 0.79939
Exploits 0 | References 3
ATTACKERKB
added 2024/08/13 12:0 a.m. | 17 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it...

CVSS 9.8 | AI score 10 | EPSS 0.79939
In wild | Exploits 0 | References 3
Positive Technologies
added 2024/08/09 12:0 a.m. | 2 views

PT-2024-5811

Name of the Vulnerable Software and Affected Versions: SolarWinds Web Help Desk versions prior to 12.8.3 Hotfix 2. Description: SolarWinds Web Help Desk is susceptible to a Java deserialization remote code execution issue. Exploitation of this issue could allow a malicious actor to execute arbitrary...

CVSS 10 | AI score 7.4 | EPSS 0.79939
Exploits 0 | References 140
RedHat Linux
added 2024/06/27 9:50 a.m. | 3 views

JDK: Object Request Broker (ORB) denial of service

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

CVSS 7.5 | AI score 7.2 | EPSS 0.00199
Exploits 0 | References 7
RedHat Linux
added 2024/06/06 1:15 p.m. | 5 views

JDK: Object Request Broker (ORB) denial of service

The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters...

CVSS 7.5 | AI score 7.2 | EPSS 0.00199
Exploits 0 | References 7
Gitee
added 2024/05/24 3:43 p.m. | 60 views

Poc

This repository contains a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

AI score 7.6
Exploits 0
OSV
added 2024/05/15 5:15 p.m. | 0 views

CVE-2024-3967

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization...

CVSS 9.8 | AI score 6.3
Exploits 0 | References 1
CNNVD
added 2024/05/15 12:0 a.m. | 3 views

NetIQ iManager Code Issue Vulnerability

NetIQ iManager is an advanced web-based management console from NetIQ UK. Provides customized, secure access to network management utilities and content from any location in the world. A security vulnerability exists in NetIQ iManager version 3.2.6.0200, which stems from the presence of remote co...

CVSS 9.8 | AI score 8 | EPSS 0.01374
Exploits 0 | References 2
OSV
added 2024/03/07 6:30 a.m. | 16 views

GHSA-J7JM-8GF5-FRCM nGrinder vulnerable to unsafe Java objects deserialization

nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization...

CVSS 9.8 | AI score 9.8 | EPSS 0.08118
Exploits 0 | References 4