341 matches found
Code injection
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...
Design/Logic Flaw
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...
CVE-2016-10304
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...
Remote Code Execution (RCE)
GlassFish web-core is susceptible to remote code execution. It does not prevent NULL (\0) byte injection in the repository path of PartItem, allowing potential file manipulation via Java object deserialization. Moreover, it does not validate the existence of the NULL (\0) byte when an older Java VM is...
IBM WebSphere Application Server 8.0.0.x < 8.0.0.13 Multiple Vulnerabilities
Binary data 700016.prm...
IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 Multiple Vulnerabilities
Binary data 700015.prm...
CVE-2017-3159
Apache Camel's camel-snakeyaml component is affected by a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
Design/Logic Flaw
Apache Camel's camel-snakeyaml component is affected by a Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...
Design/Logic Flaw
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...
CVE-2017-5586
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...
Remote Code Execution (RCE)
Apache Camel's camel-snakeyaml component is vulnerable to remote code execution through a Java object deserialization vulnerability. It is possible to deserialize untrusted data in an unmarshalling operation that leads to remote code execution...
Remote Code Execution (RCE)
Apache Camel is vulnerable to remote code execution (RCE) through Java object deserialization. The camel-jackson and camel-jacksonxml components allow a type to be specified through the CamelJacksonUnmarshalType property. Deserializing untrusted data can lead to security flaws as demonstrated in various...
Code injection
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6500
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning...
MySQL Enterprise Monitor 3.1.x < 3.1.6.7959 Java Object Deserialization RCE (January 2017 CPU)
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.6.7959. It is, therefore, affected by a remote code execution vulnerability in the JMXInvokerServlet interface due to improper validation of Java objects before...
HP Operations Orchestration wsExecutionBridgeService Servlet Java Object Deserialization RCE
The version of HP Operations Orchestration running on the remote host is affected by a remote code execution vulnerability in the wsExecutionBridgeService servlet due to improper validation of user-supplied input before deserialization. An unauthenticated, remote attacker can exploit this, by...