87 matches found
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE; Date: February 6, 2018; Exploit Author: Faisal Tameesh (@DreadSystems); Company: Depth Security (https://depthsecurity.com); Version: Adobe...
CVE-2017-12633
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to a Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws...
Cisco Security Manager Java Object Deserialization RCE (CSCux34671)
The version of Cisco Security Manager running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sendi...
Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)
The Cisco Prime LAN Management Solution (LMS) running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...
H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE
Remote Code Execution (RCE)
glassfish web-core is susceptible to remote code execution. It does not prevent NULL (\0) byte injection in the repository path of PartItem, allowing potential file manipulation via Java object deserialization. Moreover, it does not validate the existence of the NULL (\0) byte when an older Java VM is...
IBM WebSphere Application Server 8.0.0.x < 8.0.0.13 Multiple Vulnerabilities
Remote Code Execution (RCE)
Apache Camel's camel-snakeyaml component is vulnerable to remote code execution through a Java object deserialization vulnerability. It is possible to deserialize untrusted data in an unmarshalling operation that leads to remote code execution...
Remote Code Execution (RCE)
Apache Camel is vulnerable to remote code execution (RCE) through Java object deserialization. The camel-jackson and camel-jacksonxml components allow a type to be specified through the CamelJacksonUnmarshalType property. Deserializing untrusted data can lead to security flaws as demonstrated in various...
MySQL Enterprise Monitor 3.1.x < 3.1.6.7959 Java Object Deserialization RCE (January 2017 CPU)
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.1.x prior to 3.1.6.7959. It is, therefore, affected by a remote code execution vulnerability in the JMXInvokerServlet interface due to improper validation of Java objects before...
HP Operations Orchestration wsExecutionBridgeService Servlet Java Object Deserialization RCE
The version of HP Operations Orchestration running on the remote host is affected by a remote code execution vulnerability in the wsExecutionBridgeService servlet due to improper validation of user-supplied input before deserialization. An unauthenticated, remote attacker can exploit this, by...
NetIQ Sentinel Java Object Deserialization RCE
The remote Novell NetIQ Sentinel server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the BeanShell library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted serialized Java object via th...
HP Network Automation RPCServlet Java Object Deserialization RCE
The HP Network Automation application running on the remote host is version 9.1x, 9.2x, or 10.00.x prior to 10.00.021; 10.10.x or 10.11.x prior to 10.11.011; or 10.20.x prior to 10.20.001. It is, therefore, affected by a remote code execution vulnerability in RPCServlet due to improper sanitizati...
HP Intelligent Management Center Java Object Deserialization RCE
The version of HP Intelligent Management Center (IMC) installed on the remote Windows host is prior to 7.2. It is, therefore, affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An...
Oracle WebLogic Server Java Object Deserialization RCE (July 2016 CPU)
The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the WLS Core component in the readObject function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, to bypass the...
Sonatype Nexus Repository Manager Java Object Deserialization RCE
The Sonatype Nexus Repository Manager server application running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit...
SolarWinds Virtualization Manager Java Object Deserialization RCE
The remote SolarWinds Virtualization Manager server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a specially...
HP Operations Orchestration 10.x < 10.51 Java Object Deserialization RCE
The version of HP Operations Orchestration installed on the remote host is 10.x prior to 10.51. It is, therefore, affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated,...
Mail.ru: bgplay.mail.ru
Potential RCE via Java object deserialization in out-of-scope service...
Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE
The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.642.2 or 1.650. It is, therefore, affected by a Java deserialization vulnerability. An unauthenticated, remote attacker can exploit this, by deserializing specific java.rmi and sun.rmi objects, to start a JR...