
768 matches found

NVD
added 2018/05/23 5:29 p.m. · 14 views

CVE-2018-10654

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...

8.1 CVSS · 8 AI score · 0.00361 EPSS
Exploits 0 · References 1
OSV
added 2018/05/23 5:29 p.m. · 4 views

CVE-2018-10654

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3...

8.1 CVSS · 5.8 AI score
Exploits 0 · References 1
Citrix
added 2018/05/21 4:00 a.m. · 56 views

Citrix XenMobile 10.x Multiple Security Updates

Description of Problem: A number of security vulnerabilities have been identified in Citrix XenMobile Server. The vulnerabilities have been assigned the following CVE numbers. Affecting XenMobile Server 10.7 and 10.8: CVE-2018-10653 (High): XML External Entity (XXE) Processing Vulnerability in Citrix...

9.8 CVSS · 1 AI score · 0.11484 EPSS
Exploits 4
RedHat Linux
added 2018/04/23 5:15 p.m. · 2 views

OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

5.3 CVSS · 7.3 AI score · 0.00693 EPSS
Exploits 0 · References 4
Hacker One
added 2018/03/24 3:06 a.m. · 95 views

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: This report describes a vulnerability similar to that described in my other reports 329376, 329397, 329399. The DoD https://████/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution (RCE) and Denial of Service Attacks D...

7.5 CVSS · 0.4 AI score · 0.64382 EPSS
Exploits 4
myhack58
added 2018/03/12 12:00 a.m. · 57 views

Nessus plug-in "arms" tutorial - vulnerability warning - the black bar safety net

Overview: In a recent internal penetration test, we needed to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin originally only used an existing RCE vulnerability, but we will teach you how to...

7.4 AI score
Exploits 0
myhack58
added 2018/03/09 12:00 a.m. · 39 views

Cisco products in the presence of severe hard-coded password vulnerabilities and Java deserialization vulnerability - vulnerability warning - the black bar safety net

Recently, Cisco released 22 security bulletins, which include two important fixes: one for a hard-coded password vulnerability, CVE-2018-0141, and one for a Java deserialization vulnerability, CVE-2018-0147. Hard-coded password vulnerability: Hard-coded password vulnerability affecting Cisco Prime...

2.2 AI score · 0.03952 EPSS
Exploits 0
The Hacker News
added 2018/03/08 5:37 p.m. · 89 views

Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system. Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely...

10 CVSS · 3 AI score · 0.03952 EPSS
Exploits 0
NVD
added 2018/03/08 7:29 a.m. · 22 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

10 CVSS · 9.8 AI score · 0.03952 EPSS
Exploits 0 · References 4
Prion
added 2018/03/08 7:29 a.m. · 13 views

Deserialization of untrusted data

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

10 CVSS · 9.7 AI score · 0.03952 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/03/08 7:29 a.m. · 0 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

9.8 CVSS · 6.1 AI score · 0.03952 EPSS
Exploits 0 · References 4
Vulnrichment
added 2018/03/08 7:00 a.m. · 10 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

7.8 AI score · 0.03952 EPSS
Exploits 0 · References 3
CVE
added 2018/03/08 7:00 a.m. · 996 views

CVE-2018-0147

CVE-2018-0147 affects Cisco Secure Access Control System (ACS) prior to 5.8 patch 9. The root cause is insecure Java deserialization of user-supplied content, allowing unauthenticated remote attackers to execute arbitrary commands with root privileges on affected devices. Public sources in the co...

10 CVSS · 9.7 AI score · 0.03952 EPSS
In wild · Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2018/03/08 7:00 a.m. · 24 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

9.8 AI score · 0.03952 EPSS
Exploits 0 · References 3
ATTACKERKB
added 2018/03/08 12:00 a.m. · 24 views

CVE-2018-0147

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...

10 CVSS · 5.5 AI score · 0.03952 EPSS
In wild · Exploits 0 · References 4
CNVD
added 2018/03/08 12:00 a.m. · 1 views

Cisco Secure Access Control System Java Deserialization Vulnerability

The Cisco Secure Access Control System is a policy-based platform for enterprise access and network device management control. A Java deserialization vulnerability exists in the Cisco Secure Access Control System. A remote user can send a specially crafted serialized Java object to exploit this...

10 CVSS · 8 AI score · 0.03952 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/03/07 12:00 a.m. · 1 views

PT-2018-1126 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control System versions prior to 5.8 patch 9. Description: A vulnerability in Java deserialization used by the affected software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected...

10 CVSS · 8.1 AI score · 0.03952 EPSS
Exploits 0 · References 8
OSV
added 2018/02/15 10:29 p.m. · 0 views

CVE-2016-8511

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found...

9.8 CVSS · 5.9 AI score · 0.18398 EPSS
Exploits 0 · References 3
Prion
added 2018/02/15 10:29 p.m. · 17 views

Remote code execution

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found...

7.5 CVSS · 7.8 AI score · 0.18398 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2018/02/15 10:29 p.m. · 13 views

CVE-2016-8511

A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found...

9.8 CVSS · 9.7 AI score · 0.18398 EPSS
Exploits 0 · References 3