341 matches found
CVE-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
CVE-2021-34371
Summary of the issue (CVE-2021-34371): Neo4j up to version 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, such as via setSessionVariable. This can enable remote code execution because gadget chains exist in the affected environment. In pr...
CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via a carefully constructed Java serialized object sent to the DBSec server...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...
Deserialization of untrusted data
Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASSUREX RENTES product allows a remote attacker to inject an insecure serialized Java object using a specially crafted HTTP request, resulting in an unauthenticated remote code execution on the server...
Smartbear Collaborator Server Operating System Command Injection Vulnerability
Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...
Smartbear Collaborator Server Operating System Command Injection Vulnerability
Smartbear Collaborator Server is a software for code auditing and document review from Smartbear USA. A security vulnerability exists in SmartBear Collaborator Server through 13.3.13302, which can be exploited by an authenticated attacker to submit a serialized Java object to the server in order ...
CVE-2020-27131
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...
Deserialization of untrusted data
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...
CVE-2020-27131 Cisco Security Manager Java Deserialization Vulnerabilities
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...
Jenkins 2.56 CLI Deserialization / Code Execution Exploit
An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...
CVE-2020-5604
Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack, using the Java Reflection API from JavaScript code in a WebView...
JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object
Android App "Mercari" Japan version provided by Mercari, Inc. contains a vulnerability which may allow arbitrary Java method execution (CWE-749) due to inadequate restrictions on addJavascriptInterface of the WebView class. Impact: An arbitrary method of a Java object may be executed by a remote attacker...
Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)
Binary data oracleweblogicservercve20202883.nbin...
WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp
There exists a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an ExtractorComparator...
Tyler Technologies TylerTech Eagle Code Issue Vulnerability
Tyler Technologies TylerTech Eagle is a suite of land and official records management solutions from Tyler Technologies, USA. The product supports features such as land records management, public records self-service access, and property records management. A security vulnerability exists in Tyle...
CVE-2019-16112
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI...
Remote code execution
TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
CVE-2019-17564
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...