768 matches found
Deserialization of untrusted data
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2021-29485 Remote Code Execution Vulnerability in Session Storage
Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, a malicious attacker can achieve Remote Code Execution RCE via a maliciously crafted Java deserialization gadget chain leveraged against the Ratpack session store. If one's application does not use Ratpack's session...
CVE-2021-29485
Ratpack vulnerability CVE-2021-29485 affects versions before 1.9.0 when using Ratpack's session storage. An attacker can achieve remote code execution by crafting a Java deserialization gadget chain in the session data, provided the application writes to the session store. If an application does ...
PT-2021-5345
Name of the Vulnerable Software and Affected Versions ForgeRock Access Management AM Core Server versions prior to 7.0 ForgeRock OpenAM version 14.6.3 and earlier Description The issue is related to a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. This...
Exploit for Deserialization of Untrusted Data in Apache Tapestry
CVE-2021-27850 Exploit Overview CVE-2021-27850 is a...
CVE-2020-9493 Java deserialization in Chainsaw
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution...
marshalsec
This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting various Java open-source marshalling libraries. The tool, named "marshalsec," is designed to unmarshal arbitrary, attacker-supplied types and demonstrate the potential for remote code...
CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
Remote Code Execution (RCE)
dubbo is vulnerable to remote code execution. An attacker may exploit the vulnerability by injecting a command other than the possible values, controlling the RPC attachment to set it to nativejava and force the java deserialization of the byte array located out of the limit of argument...
CVE-2021-30179
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
Apache Dubbo代码问题漏洞
Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. The product provides interface-based remote calling , fault tolerance and load balancing and automatic service registration and discovery. A deserialization vulnerability...
CVE-2021-30179
Apache Dubbo CVE-2021-30179 affects versions prior to 2.6.9 and 2.7.9. The vulnerability arises because GenericFilter allows generic calls to arbitrary methods on provider interfaces, using Java Reflection. The invocation of $invoke/$invokeAsync uses a first argument method name, parameter types,...
CVE-2021-30179 Apache Dubbo Pre-auth RCE via Java deserialization in the Generic filter
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
NetMotion Mobility Server MvcUtil Java Deserialization
This module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x before 12.02 ar...
NetMotion Mobility Server MvcUtil Java Deserialization Exploit
This Metasploit module exploits an unauthenticated Java deserialization in the NetMotion Mobility server's MvcUtil.valueStringToObject method, as invoked through the /mobility/Menu/isLoggedOn endpoint, to execute code as the SYSTEM account. Mobility server versions 11.x before 11.73 and 12.x befo...
ysoserial
This is a Java tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create gadgets that can be used to execute arbitrary code on a Java application that performs unsafe deserialization. The tool takes a user-specified command and...
Metasploit Wrap-Up
Spilling the Gitea We have two modules coming in from cdelafuente-r7 targeting CVE-2020-14144 for both the Gitea and Gogs self-hosted Git services. Both modules are similar: they take advantage of a user’s ability to create Git hooks by authenticating with the web interface, creating a dummy...
Apache OFBiz SOAP Java Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...
Apache OFBiz SOAP Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://ofbiz.apache.org/service/', 'soapenv' = 'http://schemas.xmlsoap.org/soap/envelope/' .freeze def initializeinfo = super updateinfo info,...