341 matches found
NetIQ Sentinel Java Object Deserialization RCE
The remote Novell NetIQ Sentinel server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the BeanShell library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted serialized Java object via th...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
Code injection
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-6501
JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6496
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6496
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...
Design/Logic Flaw
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...
CVE-2016-6496
CVE-2016-6496 affects Atlassian Crowd LDAP entry handling. The LDAP directory connector is vulnerable to LDAP Java object injection: an attacker can cause remote code execution by sending a crafted serialized Java object in an LDAP attribute. Affected versions are all Crowd 1.4.1 to 2.8.7 (and 2....
CVE-2016-6496
The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning...
HP Network Automation RPCServlet Java Object Deserialization RCE
The HP Network Automation application running on the remote host is version 9.1x, 9.2x, or 10.00.x prior to 10.00.021; 10.10.x or 10.11.x prior to 10.11.011; or 10.20.x prior to 10.20.001. It is, therefore, affected by a remote code execution vulnerability in RPCServlet due to improper sanitizati...
VulnCheck KEV: CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...
CVE-2016-9299
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. Mitigation...
jenkins -- Remote code execution vulnerability in remoting module
Jenkins Security Advisory: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassi...
OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OpenNMS Java Object Unserialization Remote Code Execution', 'Description' = %q This module exploits a vulnerability in the...
OpenNMS Java Object Unserialization Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OpenNMS Java Object Unserialization Remote Code Execution', 'Description' = %q This module exploits a vulnerability in the...
CVE-2016-7065
The JMX servlet in Red Hat JBoss Enterprise Application Platform EAP 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object...
CVE-2016-7065
The JMX servlet in Red Hat JBoss Enterprise Application Platform EAP 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object...