8069 matches found
CVE-2021-21342
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
UBUNTU-CVE-2021-21343
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
CVE-2021-21343
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on...
XStream 代码问题漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can be easily converted to each other . XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...
XStream 代码问题漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...
XStream 操作系统命令注入漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a code execution vulnerability that can be exploited by an attacker to manipulate the processed input stream and replace...
XStream 代码问题漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream code execution vulnerability , an attacker can be exploited to manipulate the processed input stream and replace or inject...
XStream 代码问题漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . A code execution vulnerability exists in XStream, which can be exploited by an attacker to manipulate the processed input stream and...
XStream 资源管理错误漏洞
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a denial-of-service vulnerability that can be exploited by an attacker to manipulate the processed input stream and...
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
Welcome to the Wallarm weekly web exploits digest! Since this week, we will publish our weekly digests consists of web exploits with CVSS scores higher than 5. It will be followed by explanations, risks analysis, related stories and news. So, here we go! The most sophisticated and interesting...
XStream Server-Side Request Forgery Vulnerability
XStream is a simple Java-based library , Java objects serialized to xml and vice versa i.e. : Java objects and xml documents can easily be converted to each other . XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...
ForkCMS PHP Object Injection Vulnerability
ForkCMS PHP Object Injection ========================= | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technology |...
QCubed 3.1.1 PHP Object Injection Vulnerability
QCubed PHP Object Injection =========================== | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagner AIT Austrian Institute of Technolog...
QCubed 3.1.1 PHP Object Injection
QCubed PHP Object Injection =========================== | Identifier: | AIT-SA-20210215-01 | | Target: | QCubed Framework | | Vendor: | QCubed | | Version: | all versions including 3.1.1 | | CVE: | CVE-2020-24914 | | Accessibility: | Remote | | Severity: | Critical | | Author: | Wolfgang Hotwagne...
ForkCMS PHP Object Injection
ForkCMS PHP Object Injection ========================= | Identifier: | AIT-SA-20210215-04 | | Target: | ForkCMS | | Vendor: | ForkCMS | | Version: | all versions below version 5.8.3 | | CVE: | CVE-2020-24036 | | Accessibility: | Remote | | Severity: | Medium | | Author: | Wolfgang Hotwagner AIT...
ForkCMS PHP Object Injection Vulnerability
ForkCMS is an open source content management system CMS written in PHP. A PHP object injection vulnerability exists in the back-end Ajax endpoint of ForkCMS versions prior to 5.8.3. A remote authenticated attacker can exploit this vulnerability to execute malicious code...
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
CVE-2020-24914
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
Cross site request forgery (csrf)
A PHP object injection bug in profile.php in qcubed all versions including 3.1.1 unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request...