768 matches found
CVE-2016-8511
CVE-2016-8511 is a remote code execution in HP Network Automation via RPCServlet Java deserialization. The flaw allows sending crafted serialized data to RPCServlet to execute arbitrary code. Affected versions include HP Network Automation 9.1x, 9.2x, and 10.00.x before 10.00.021; 10.10.x before ...
CVE-2016-8511
A Remote Code Execution vulnerability in HPE Network Automation using RPCServlet and Java Deserialization version v9.1x, v9.2x, v10.00, v10.00.01, v10.00.02, v10.10, v10.11, v10.11.01, v10.20 was found...
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
Deserialization of untrusted data
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
CVE-2018-1000058
CVE-2018-1000058 affects Jenkins Pipeline: Supporting APIs Plugin up to version 2.17. Root cause: incomplete sandbox protection allowing deserialization via readResolve in Pipeline scripts, enabling arbitrary code execution. Impact: remote code execution with network access; high severity per lin...
CVE-2018-1000058
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary...
HPE iMC 7.3 - RMI Java Deserialization
HPE iMC 7.3 - RMI Java Deserialization Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
HPE iMC 7.3 RMI Java Deserialization
Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...
Java Deserialization
nifi-framework-core is vulnerable to Java deserialization. An authenticated user who has a valid client certificate can upload a template containing malicious code to cause a denial of service DoS conditions and potentially perform other attacks...
Apache NiFi Java Deserialization Vulnerability
Apache NiFi is a data-flow based data processing and distribution system of the Apache Apache Software Foundation, USA. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic. A security vulnerability exists in Apache NiFi versions...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Any authenticated user valid client certificate but without ACL permissions could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...
CVE-2017-15703
Apache NiFi (1.x) is affected by CVE-2017-15703 where an authenticated user with a valid client certificate and without ACL permissions can upload a template containing malicious Java deserialization code, leading to a denial-of-service. The root cause is improper handling of Java deserialization...
Deserialization of untrusted data
Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...
JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server and others Java Platforms, Frameworks, Applications, etc. Requirements Python = 2.7.x urllib3 ipaddress Installation on Linux\Mac To install the latest version of JexBoss, please use the following commands: g...
MGASA-2017-0382 Updated mysql-connector-java packages fix security vulnerabilities
Thijs Alkemade discovered that unexpected automatic deserialisation of Java objects in the MySQL Connector/J JDBC driver may result in the execution of arbitary code CVE-2017-3523. Two vulnerabilities have been found in the MySQL Connector/J JDBC driver CVE-2017-3586, CVE-2017-3589...
Arbitrary Command Execution Through Java Deserialization Flaw
james-server is vulnerable to arbitrary command execution. The vulnerability exists due to a Java deserialization issue through the command line client introduced by an embedded JMX Server in james-server...