768 matches found
Deserialization of untrusted data
In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code...
SerNet verinice 代码问题漏洞
SerNet verinice is a Java application from SerNet Germany. A tool for managing information security. SerNet verinice suffers from a code issue vulnerability that stems from insecure Java deserialization in SerNet verinice servers prior to version 1.22.2 that allows an authenticated, remote attack...
CVE-2021-36981
CVE-2021-36981 : In SerNet verinice servers before 1.22.2, insecure Java deserialization allows remote authenticated attackers to achieve arbitrary code execution. Affected: SerNet verinice server prior to version 1.22.2. Root cause: insecure Java deserialization in the server component. Impact: ...
PT-2021-21418 · Sernet · Sernet Verinice
Name of the Vulnerable Software and Affected Versions: SerNet verinice versions prior to 1.22.2 Description: The issue allows remote authenticated attackers to execute arbitrary code due to insecure Java deserialization. Recommendations: For versions prior to 1.22.2, update to version 1.22.2 or...
Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...
Neo4j 3.4.18 Remote Code Execution
Exploit Title: Neo4j 3.4.18 - RMI based Remote Code Execution RCE Date: 7/30/21 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: neo4j.com Software Link: https://neo4j.com/download-thanks/?edition=community&release=3.4.18&flavour=unix Version: 3.4.18 Tested on:...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
CVE-2021-35464
CVE-2021-35464 affects ForgeRock OpenAM/Access Management: Java deserialization in the JATO framework allows pre-auth remote code execution on ForgeRock AM Core Server when running versions prior to 7.0. An attacker can trigger RCE by sending a crafted HTTP request to endpoints like /ccversion/Ve...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
CVE-2021-35464
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
Beanshooter - JMX Enumeration And Attacking Tool
Beanshooter is a command line tool written in Java , which helps to identify common vulnerabilities on JMX endpoints. Introduction JMX stands for Java Management Extensions and can be used to monitor and configure the Java Virtual Machine from remote. Applications like tomcat or JBoss are often...
Pre-auth RCE in ForgeRock Access Manager (CVE-2021-35464)
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/ request to the server. The vulnerabilit...
Critical RCE Flaw in ForgeRock Access Manager Under Active Attack
Cybersecurity agencies in Australia and the U.S. are warning of an actively exploited vulnerability impacting ForgeRock's OpenAM access management solution that could be leveraged to execute arbitrary code on an affected system remotely. "The Australian Cyber Security Centre has observed actors...
ForgeRock / OpenAM Jato Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ForgeRock / OpenAM Jato Java Deserialization', 'Description' = %q This module leverages a pre-authentication remote code execution vulnerability ...
ForgeRock / OpenAM Jato Java Deserialization
This module leverages a pre-authentication remote code execution vulnerability in the OpenAM identity and access management solution. The vulnerability arises from a Java deserialization flaw in OpenAM's implementation of the Jato framework and can be triggered by a simple one-line GET or POST...
ForgeRock AM远程代码执行漏洞(CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM CVE-2021-35464 Michael Stepankin Researcher @artsploit Published: 29 June 2021 at 11:23 UTC Updated: 29 June 2021 at 18:15 UTC While participating in one private bug bounty program, I discovered a pre-auth RCE in ForgeRock OpenAM server - a popular access manageme...
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM. Impact An unauthenticated, 3rd-party attacker or adversary can execute remote code Supporting Material/References - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 System...
U.S. Dept Of Defense: Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)
RCE is possible thanks to unsafe Java deserialization in the Jato framework used by OpenAM. Supporting Material/References - https://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464 Impact An unauthenticated, 3rd-party attacker or adversary can execute remote code System...
CVE-2021-29485
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2021-29485
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...