768 matches found
PT-2022-6144 · Scala +1 · Scala +1
Name of the Vulnerable Software and Affected Versions: Scala versions 2.13.x before 2.13.9 Description: The issue is related to errors in data deserialization. It may allow a remote attacker to execute arbitrary code, erase the contents of arbitrary files, or make network connections via a gadget...
CVE-2022-36944
CVE-2022-36944 involves a Java deserialization chain in Scala 2.13.x before 2.13.9. On its own it is not directly exploitable; risk exists when an application deserializes Java objects, enabling an attacker to erase arbitrary files, make network connections, or possibly execute code (notably Func...
CVE-2022-29063 Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...
Zoho Password Manager Pro XML-RPC Java Deserialization
This module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain RCE as the SYSTEM user. Module Options msf use...
CVE-2022-29805
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...
Deserialization of untrusted data
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...
CVE-2022-29805
CVE-2022-29805 affects Fishbowl Inventory’s Fishbowl Server prior to 2022.4.1, where a Java deserialization flaw allows remote code execution via a crafted XML payload. The NVD/Vuln entries cite CVSSv3.1 base score 9.8 (CRITICAL) with network access, no user interaction, and all three CIA impacts...
PT-2022-19840 · Unknown · Fishbowl Inventory
Name of the Vulnerable Software and Affected Versions: Fishbowl Inventory versions prior to 2022.4.1 Description: A Java Deserialization issue allows remote attackers to execute arbitrary code via a crafted XML payload. This affects the Fishbowl Server component. Recommendations: For versions pri...
Fishbowl Inventory code issue vulnerability
Fishbowl Inventory is an inventory optimization business solution integration from Fishbowl USA, Inc. for automating critical business processes and improving efficiency. A security vulnerability exists in Fishbowl Inventory versions prior to 2022.4.1, which stems from a Java deserialization...
Zoho Password Manager Pro XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...
Zoho Password Manager Pro XML-RPC Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zoho Password Manager Pro XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Zoho...
CVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization...
Deserialization of untrusted data
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization...
CVE-2021-41419
CVE-2021-41419 affects QVIS NVR/DVR firmware prior to 2021-12-13 and is due to insecure Java deserialization in the device’s remote management functionality. The issue enables Remote Code Execution and is rated critical (CVSS v3.1: 9.8; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected product: QVIS...
QVIS NVR Camera Management System code issue vulnerability
QVIS NVR Camera Management System is a surveillance system from QVIS Corporation. A security vulnerability exists in the QVIS NVR Camera Management System that stems from vulnerability to remote code execution attacks via Java deserialization...