768 matches found

0day.today
added 2020/04/24 12:0 a.m. | 60 views

Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A...

AI score: 7.1 | EPSS: 0.08075
Exploits: 5

0day.today
added 2020/04/24 12:0 a.m. | 51 views

QRadar Community Edition 7.3.1.6 Path Traversal Vulnerability

QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens UUIDs. QRadar fails to validate if the user-supplied token is in the correct format. Using path...

AI score: 0.5
Exploits: 0

Exploit DB
added 2020/03/17 12:0 a.m. | 384 views

ManageEngine Desktop Central - Java Deserialization (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...

CVSS: 10 | AI score: 7.4 | EPSS: 0.94248
Exploits: 6

Packet Storm
added 2020/03/14 12:0 a.m. | 470 views

ManageEngine Desktop Central Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...

CVSS: 10 | AI score: 0.2 | EPSS: 0.94248
Exploits: 6

Metasploit
added 2020/03/12 10:36 p.m. | 182 views

ManageEngine Desktop Central Java Deserialization

This module exploits a Java deserialization vulnerability in the getChartImage method from the FileStorage class within ManageEngine Desktop Central versions 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...

CVSS: 9.8 | AI score: 10 | EPSS: 0.94248
Exploits: 6

OSV
added 2020/03/10 1:15 p.m. | 1 views

CVE-2017-10992

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461...

CVSS: 9.8 | AI score: 6.3 | EPSS: 0.02863
Exploits: 1 | References: 1

NVD
added 2020/03/10 1:15 p.m. | 12 views

CVE-2017-10992

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461...

CVSS: 10 | AI score: 9.8 | EPSS: 0.02863
Exploits: 1 | References: 1

Cvelist
added 2020/03/10 12:51 p.m. | 12 views

CVE-2017-10992

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461...

AI score: 9.8 | EPSS: 0.02863
Exploits: 1 | References: 1

CVE
added 2020/03/10 12:51 p.m. | 37 views

CVE-2017-10992

HPE Storage Essentials 9.5.0.142 is affected by an unauthenticated Java deserialization vulnerability that enables remote code execution via OS commands in requests to invoker/JMXInvokerServlet (PSRT110461). The CVE-2017-10992 entry documents high-severity impact (CVSS v3.1: CRITICAL, 9.8) with n...

CVSS: 10 | AI score: 9.7 | EPSS: 0.02863
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2020/03/09 7:15 p.m. | 15 views

CVE-2016-1487

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00856
Exploits: 0 | References: 1

OSV
added 2020/03/09 7:15 p.m. | 1 views

CVE-2016-1487

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization...

CVSS: 8.8 | AI score: 6.3
Exploits: 0 | References: 1

Prion
added 2020/03/09 7:15 p.m. | 12 views

Deserialization of untrusted data

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization...

CVSS: 6.8 | AI score: 8.1 | EPSS: 0.00856
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/03/09 6:6 p.m. | 110 views

CVE-2016-1487

CVE-2016-1487 affects Lexmark Markvision Enterprise prior to 2.3.0, where unsafe deserialization of untrusted Java objects in Apache Commons Collections via the RMI interface enables remote code execution. The root cause is deserialization of unauthenticated serialized objects, allowing an attack...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00856
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/09 6:6 p.m. | 16 views

CVE-2016-1487

Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization...

AI score: 9.1 | EPSS: 0.00856
Exploits: 0 | References: 1

OSV
added 2020/03/06 9:15 p.m. | 1 views

CVE-2020-5327

Dell Security Management Server versions prior to 10.2.10 contain a Java RMI Deserialization of Untrusted Data vulnerability. When the server is exposed to the internet and Windows Firewall is disabled, a remote unauthenticated attacker may exploit this vulnerability by sending a crafted RMI...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.05044
Exploits: 0 | References: 1

ATTACKERKB
added 2020/03/02 12:0 a.m. | 31 views

Liferay CE 6.0.2 Java Deserialization

Liferay CE 6.0.2 remote code execution via unsafe deserialization. Recent assessments: theguly at March 02, 2020 5:11pm UTC reported: on 29th of January 2020 this github1 repo came up, with some newsfeed, speaking about a RCE via deserialization on Liferay 6.0.2. I’m aware that Liferay is widely use...

CVSS: 9.8 | AI score: 1.1 | EPSS: 0.79558
Exploits: 1 | References: 2

RedHat Linux
added 2020/02/27 3:34 p.m. | 1 views

OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00519
Exploits: 0 | References: 4

Gitee
added 2020/02/11 11:47 p.m. | 3 views

Exploit for CVE-2017-3251

PoC exploit for CVE-2017-3251, a Java object deserialization vulnerability. The ysoserial tool generates payloads that exploit this vulnerability by creating a malicious object that, when deserialized, executes arbitrary code. The tool takes a user-specified command and wraps it in a gadget chain...

CVSS: 4.9 | AI score: 7.2 | EPSS: 0.005
Exploits: 1

RedHat Linux
added 2020/02/11 8:31 a.m. | 2 views

OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422)

A flaw was found in how the serialization component of OpenJDK handled the serialization filter. A process-wide filter could have been modified by setting the jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.01699
Exploits: 0 | References: 8

Gitee
added 2020/02/05 11:7 a.m. | 2 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...

AI score: 7.2
Exploits: 0