768 matches found
Liferay CE Portal 6.0.2 - Remote Command Execution
Liferay CE Portal 6.0.2 - Remote Command Execution Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link:...
Liferay CE Portal 6.0.2 - Remote Command Execution
Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link: https://sourceforge.net/projects/lportal/files/Liferay%20Portal/6.0.2/...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2016-1000027
CVE-2016-1000027 involves remote code execution in Pivotal Spring Framework when deserializing untrusted data. Connected sources specify impact up to Spring Framework 5.3.16 (RCE via Java deserialization) and note that the vendor discourages untrusted-deserialization usage. Remediation guidance i...
CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
OpenMRS - Java Deserialization RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMRS Java Deserialization RCE', 'Description' = %q OpenMRS is an open-source platform that supplies users with a customizable medical record...
CVE-2019-18956
Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...
Deserialization of untrusted data
Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...
CVE-2019-18956
CVE-2019-18956 affects Divisa Proxia Suite (various 9.x, 10.x versions), SparkSpace, and Proxia PHR. The flaw is remote code execution via untrusted Java deserialization triggered by the insecure handling of the proxia-error cookie in every request. An unauthenticated attacker can craft a seriali...
CVE-2019-18956
Divisa Proxia Suite 9 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 10.0.32, and 10.1 10.1.5, SparkSpace 1.0 1.0.30, 1.1 1.1.2, and 1.2 1.2.4, and Proxia PHR 1.0 1.0.30 and 1.1 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely...
OpenMRS Java Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMRS Java Deserialization RCE', 'Description' = %q OpenMRS is an open-source platform that supplies users with a customizable medical record...
Deserialized Double Dirty
Recently I was able to fully root a NetApp OnCommand Performance Manager appliance using a Java Deserialization vulnerability and Dirty COW...
CVE-2019-18580
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host...
Padding Oracle Attack
Apache Shiro is vulnerable to padding oracle attack. The attack is possible as it adopts RememberMe configuration for cookies as a default and uses CBC mode of encryption, which would allow an attacker to perform a Java deserialization attack that results in remote code execution...
JetBrains TeamCity Java Deserialization Vulnerability
TeamCity is a Java-based build management and continuous integration server from JetBrains. An insecure Java deserialization vulnerability exists in JetBrains TeamCity versions prior to 2019.1.4. An attacker can exploit this vulnerability to achieve remote code execution...
CVE-2019-18364
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution...
CVE-2019-18364
In JetBrains TeamCity before 2019.1.4, insecure Java Deserialization could potentially allow remote code execution...