768 matches found
CVE-2020-9484 — PersistentManager Java deserialization vulnerability
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a an attacker is able to control the contents and name of a file on the server; and b the server is configured to use the PersistenceManager with a FileStore; and c the...
Insecure Defaults
Apache Camel RabbitMQ uses an insecure default. The Java deserialization is enabled by default and allows an attacker to execute arbitrary code via a deserialization vulnerability...
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11972
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11972
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
Deserialization of untrusted data
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
Deserialization of untrusted data
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11972
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
CVE-2020-11972
CVE-2020-11972 affects Apache Camel RabbitMQ: Java deserialization is enabled by default in the RabbitMQ component, enabling remote code execution. Affected Camel versions include 2.22.x, 2.23.x, 2.24.x, 2.25.0, and 3.0.0 up to 3.1.0. To mitigate, upgrade 2.x line to 2.25.1 or the 3.x line to 3.2...
CVE-2020-11973
CVE-2020-11973 affects Apache Camel with Netty, enabling Java deserialization due to unsafe/deserialized handling. Affected Camel versions: 2.22.x, 2.23.x, 2.24.x, 2.25.0, up to 3.1.0. Remediation is upgrade to Camel 2.25.1 (2.x line) or 3.2.0 (3.x line); no exploit details are provided in the do...
CVE-2020-11973
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0...
PT-2020-4637 · Apache · Apache Camel
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 2.22.x through 2.25.0 Apache Camel versions 3.0.0 through 3.1.0 Description: The issue is related to Java deserialization being enabled by default in Apache Camel Netty. This can allow a remote attacker to gain...
Apache Shiro 1.2.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary code on...
CVE-2020-12133
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization...
CVE-2020-12133
Concerning CVE-2020-12133, multiple connected sources confirm a remote code execution vulnerability in Furukawa Electric ConsciusMAP and related provisioning components (Apros Evolution, ConsciusMap, Furukawa provisioning systems) up to version 2.8.1 due to javax.faces.ViewState Java deserializat...
CVE-2020-12133
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
!/usr/bin/env python3 -- coding: utf-8 -- Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution Vendor: Furukawa Electric Co., Ltd. | Tecnored SA Product web page: https://www.furukawa.co.jp | https://www.tecnoredsa.com.ar Affected version: APROS Evolution | 2.8.1 FURUKAW...