Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 11:55 p.m.6 views

CVE-2024-13742

The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. N...

9.8CVSS7.1AI score0.00871EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/06/18 7:52 p.m.4 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

8.1CVSS8.2AI score0.70425EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/10/06 4:18 p.m.6 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

8.1CVSS8.2AI score0.70425EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/06/30 9:6 p.m.3 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

8.1CVSS8.2AI score0.70425EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.8 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2015/12/02 5:14 p.m.6 views

apache-commons-collections: InvokerTransformer code execution during deserialisation

It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...

10CVSS8AI score0.83274EPSS
Exploits8References6
Rows per page
Query Builder