JBOSS EAP/AS Remoting Unified Invoker RCE
An unauthenticated attacker with network access to the JBOSS EAP/AS use exploit/multi/misc/jbossremotingunifiedinvokerrce msf exploitjbossremotingunifiedinvokerrce show targets ...targets... msf exploitjbossremotingunifiedinvokerrce set TARGET msf exploitjbossremotingunifiedinvokerrce show option...
JBOSS EAP/AS 6.x Remote Code Execution Exploit
An unauthenticated attacker with network access to the JBOSS EAP/AS versions 6.x and below Remoting Unified Invoker interface can send a serialized object to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
JBOSS EAP/AS 6.x Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBOSS EAP/AS Remoting Unified Invoker RCE', 'Description' = %q An unauthenticated attacker with network access to the JBOSS EAP/AS 'Joao Matos ',...
karaf: insecure java deserialization
A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX...
Atlassian Bitbucket Data Center Insecure Deserialization (CVE-2022-26133)
An insecure deserialization vulnerability exists in Atlassian Bitbucket Data Center. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system via Java deserialization...
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
SEC Consult Vulnerability Lab Security Advisory. title: Stored Cross-Site Scripting & Unsafe Java Deserialization; product: Gentics CMS; vulnerable version: 5.36.29, see section below; fixed version: 5.40.27, 5.41.15, 5.42.7,...
Atlassian Confluence 7.4.x < 7.4.17 / 7.13.x < 7.13.7 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.4 / 7.18.x < 7.18.1 (CONFSERVER-79017)
The version of Atlassian Confluence installed on the remote host is prior to 7.4.x < 7.4.17 / 7.13.x < 7.13.7 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.4 / 7.18.x < 7.18.1. It is, therefore, affected by a vulnerability as referenced in the CONFSERVER-79017 advisory. - Summary A remo...
Exploit for Deserialization of Untrusted Data in Atlassian Bitbucket_Data_Center
CVE-2022-26133 Information Description SharedSecre...
GHSA-4WRC-F8PQ-FPQP Pivotal Spring Framework contains unsafe Java deserialization methods
Pivotal Spring Framework before 6.0.0 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. Maintainers recommend...
Mulesoft Mule Unsafe Deserialization
The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
GHSA-JV65-PF7V-F7P8 Deserialization of Untrusted Data in Hazelcast
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code...
Apache James Privilege Escalation
The JMX server embedded in Apache James, also used by the command line client, is exposed to a Java deserialization issue and thus can be used to execute arbitrary commands. As James exposes the JMX socket by default only on localhost, this vulnerability can only be used for privilege escalation...
GHSA-5WHJ-523X-6J68 Apache Camel camel-hessian component vulnerable to Java object deserialization
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object deserialization vulnerability. Deserializing untrusted data can lead to security flaws...
USU Oracle Optimization Deserialization Vulnerability
USU Oracle Optimization is used to improve Oracle query performance. A deserialization vulnerability exists in versions of USU Oracle Optimization prior to 5.17, which originates from the Java deserialization of /v2/quantum/save-data-upload-big-file, and an attacker can exploit this vulnerability ...
CVE-2022-29936
USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product...