52 matches found
Exploit for Deserialization of Untrusted Data in Apache Tomcat
It is an offensive tool for web application exploitation. The re...
KLA79208 Multiple vulnerabilities in Oracle Java
Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability can be exploited remotely to execut...
CVE-2023-0925
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-1656
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
CVE-2023-1656
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
Code injection
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
CVE-2023-1656
CVE-2023-1656 affects ForgeRock OpenIDM and the Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, and Linux. The root cause is cleartext transmission of LDAP BIND credentials before TLS, leading to potential exposure of credentials for OpenIDM and RCS versions 1.5.20.9–1.5.20.1...
CVE-2023-1656 When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
PT-2023-2592 · Forgerock · Openid +1
Name of the Vulnerable Software and Affected Versions: OpenIDM and Java Remote Connector Server RCS versions 1.5.20.9 through 1.5.20.13 Description: The issue is related to the cleartext transmission of sensitive information, which can allow remote services to access protected information with...
SUSE CVE-2016-0788
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
NetScout nGeniusONE 代码注入漏洞
NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A code injection vulnerability exists in NetScout nGeniusONE version 6.3.2, which can be exploited by an attacker to execute Java RMI code...
GHSA-J7Q5-H445-F7PC Jenkins allows Execution of Code by Opening a JRMP Listener
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
CVE-2020-23621
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...
CVE-2020-23620
The CVE-2020-23620 entry concerns Orlansoft ERP’s Java Remote Management Interface, with a vulnerability caused by insecure deserialization of user-supplied content. This allows an attacker to execute arbitrary Java code by submitting a crafted serialized object. Multiple connected documents (inc...
CVE-2020-3402
A vulnerability in the Java Remote Method Invocation RMI interface of Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticate...
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability
A vulnerability in the Java Remote Method Invocation RMI interface of Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticate...
CVE-2020-3280
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...
CVE-2020-3280 Cisco Unified CCX Preauth RCE
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...