Security Bulletin: CVE-2015-7450 affects the desktop IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary The following vulnerability in Apache commons that affects the desktop IBM Process Designer has been addressed. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and...

MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)

MobileIron Core is affected by the Log4Shell vulnerability whereby a JNDI string sent to the server will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the tomcat user. This module will start an LDAP server that...

MobileIron Log4Shell Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MobileIron Core Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q MobileIron Core is affected by the Log4Shell vulnerability...

Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities

The version of Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA...

Improper Neutralization of Special Elements used in an LDAP Query in Jenkins

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server...

Apache Camel camel-hessian component vulnerable to Java object deserialization

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...

GHSA-WFW7-6632-XCV2 Jenkins CLI Deserialization of Untrusted Data vulnerability

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...

Jenkins CLI Deserialization of Untrusted Data vulnerability

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...

GHSA-HXQQ-W4MR-MC62 Apache Struts's ParameterInterceptor component does not prevent access to public constructors

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object...

CVE-2020-23620

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...

Deserialization of untrusted data

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...

Orlansoft ERP 代码问题漏洞

Orlansoft ERP is an RRP system. Orlansoft ERP has a security vulnerability that stems from insecure deserialization of user-supplied content. An attacker can execute arbitrary code via a carefully crafted serialized Java object...

Adobe ColdFusion 11 Remote Code Execution

Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Date: 2022-22-02 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html...

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'UniFi Network Application Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q The Ubiquiti UniFi Network Application versions...

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Unauthenticated JNDI Injection RCE via Log4Shell', 'Description' = %q VMware vCenter Server is affected by the Log4Shell...

Security Bulletin: Vulnerability in IBM TRIRIGA Application Platform (CVE-2015-7450)

Summary IBM TRIRIGA Platform is vulnerable to Java Object De-Serialization Vulnerability. Vulnerability Details CVEID: CVE-2015-7450 CVSS Base Score: 9.80 CVSS Temporal Score: See X-Force for the current score CVSS Environmental Score: Undefined CVSS Vector:...

GHSA-6R7C-6W96-8PVW Remote Code Execution in AjaxNetProfessional

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution. Description Serialization is a process of converting an object into a sequence of...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...

CVE-2021-33728

A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...