CVE-2015-5348

CVE-2015-5348 affects Apache Camel: deserialization of HTTP requests using content-header: application/x-java-serialized-object via camel-jetty or camel-servlet, allowing remote code execution. Affected: Camel 2.6.x–2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1. Root cause: insecure Java...

CVE-2016-2170

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

Design/Logic Flaw

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVE-2016-2170

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

Design/Logic Flaw

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC library...

CVE-2016-2000

HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC library...

HP Operations Orchestration 10.x < 10.51 Java Object Deserialization RCE

The version of HP Operations Orchestration installed on the remote host is 10.x prior to 10.51. It is, therefore, affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated,...

CVE-2016-1998

HPE Service Manager SM 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVE-2016-1997

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

Code injection

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVE-2016-1998

HPE Service Manager SM 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVE-2016-1998

CVE-2016-1998 affects HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2. The vulnerability arises from deserializing a crafted Java object, related to the Apache Commons Collections library, allowing remote attackers to execute arbitrary commands. Exposure is via network (remot...

CVE-2016-1997

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

Mail.ru: bgplay.mail.ru

Potential RCE via Java object deserialization in out-of-scope service...

Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.642.2 or 1.650. It is, therefore, affected by a Java deserialization vulnerability. An unauthenticated, remote attacker can exploit this, by deserializing specific java.rmi and sun.rmi objects, to start a JR...

Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE

The Jenkins web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Groovy library, specifically the runtime.MethodClosure class. An unauthenticated, remote attacker can exploit this, via a...

Apache ActiveMQ 5.x < 5.13.0 Java Object Unserialization RCE

Binary data 9080.prm...

Lexmark Markvision Enterprise Java Object Deserialization RCE

The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted...

CVE-2016-1986

HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVE-2016-1986

HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...