87 matches found
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
The version of Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in SINEC NMS All versions < V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA...
Apache Camel camel-hessian component vulnerable to Java object deserialization
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...
Adobe ColdFusion 11 Remote Code Execution
Exploit Title: Adobe ColdFusion 11 - LDAP Java Object Deserialization Remote Code Execution RCE Google Dork: intext:"adobe coldfusion 11" Date: 2022-22-02 Exploit Author: Amel BOUZIANE-LEBLOND https://twitter.com/amellb Vendor Homepage: https://www.adobe.com/sea/products/coldfusion-family.html...
CVE-2021-33728
A vulnerability has been identified in SINEC NMS All versions < V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this...
CVE-2021-34371
Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...
CVE-2021-34371
Summary of the issue (CVE-2021-34371): Neo4j up to version 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, such as via setSessionVariable. This can enable remote code execution because gadget chains exist in the affected environment. In pr...
Exploit for Deserialization of Untrusted Data in Apache Ofbiz
CVE-2020-9496 - RCE Because the 2 xmlrpc related requests in we...
Oracle WebLogic Server Java Object Deserialization RCE (CVE-2020-2883)
Binary data oracleweblogicservercve20202883.nbin...
Security Bulletin: Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed in the Global Cache component of WebSphere Message Broker and IBM Integration Bus Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote...
Security Bulletin: Vulnerability in Apache Commons affects IBM i (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM i. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Sterling Secure Proxy (CVE-2016-3092)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...
Deserialization of untrusted data
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr...
Oracle WebLogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.3 Java Object Deserialization RCE (CVE-2018-3191)
Binary data oracleweblogicservercve20183191.nbin...
Security Bulletin: Vulnerability in Apache Commons affects IBM System Networking Switch Center (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM System Networking Switch Center. Vulnerability Details Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM System...
Security Bulletin: Vulnerability in Apache Commons affects IBM Fabric Manager (IFM) (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Fabric Manager IFM. Vulnerability Details Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Fabric Manager IFM...
Security Bulletin: Vulnerability in Apache Commons affects Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by Rational Developer for i, Rational Developer for AIX and Linux and Rational Developer for Power Systems Software. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons...
Security Bulletin: A vulnerability in Apache Commons affects IBM Flex System Manager(FSM) (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by FSM. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserializatio...
Security Bulletin: An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC.
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons...
Security Bulletin: Vulnerability in Apache Commons affects IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, and products shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. Vulnerability Details IBM Business Proce...