Lucene search
K

292 matches found

Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.325 views

GreenShot 1.2.10 Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

7.1AI score0.07685EPSS
Exploits7
Github Security Blog
Github Security Blog
added 2023/07/25 3:30 p.m.37 views

Remote code execution in Apache Jackrabbit

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS10AI score0.02657EPSS
Exploits0References6Affected Software3
OSV
OSV
added 2023/07/25 3:15 p.m.24 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS10AI score
Exploits0References4
Prion
Prion
added 2023/07/25 3:15 p.m.33 views

Deserialization of untrusted data

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

7.5CVSS10AI score0.02657EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2023/07/25 3:15 p.m.40 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS7.6AI score0.02657EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/07/25 2:2 p.m.25 views

CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

10AI score0.02657EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/07/25 2:2 p.m.74 views

CVE-2023-37895

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...

9.8CVSS10AI score0.02657EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.33 views

Netwrix Auditor < 10.5 Insecure Object Deserialization

The version of Netwrix Auditor installed on the remote Windows host is prior to 10.5. It is, therefore, affected by an insecure object deserialization vulnerability: - Netwrix Auditor is vulnerable to an insecure object deserialization issue that is caused by an unsecured .NET remoting service. A...

9.8CVSS9.8AI score0.36152EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/06/14 2:15 p.m.3 views

CVE-2023-35116

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...

4.7CVSS7.2AI score0.00352EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/21 3:48 p.m.7 views

CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution...

8.5CVSS8.9AI score0.01044EPSS
Exploits0References1
CVE
CVE
added 2023/04/21 3:48 p.m.49 views

CVE-2023-2141

CVE-2023-2141 concerns an unsafe .NET object deserialization in DELMIA Apriso (2017–2022) that could lead to post-authentication remote code execution. Root cause: deserialization of untrusted .NET objects in the affected DELMIA Apriso releases. Impact is described as remote code execution with h...

8.8CVSS8.9AI score0.01044EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2023/03/01 10:14 a.m.64 views

Deserialization Of Untrusted Object

litedb is vulnerable to Deserialization Of Untrusted Objects. The vulnerability is caused by differing types in JSON documents, when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary...

9.8CVSS9.3AI score0.00699EPSS
Exploits0References4Affected Software1
Packet Storm
Packet Storm
added 2023/02/09 12:0 a.m.412 views

Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unsafe Deserialization RCE', 'Description' = %q This module exploits CVE-2023-0669, which is an object deserialization...

0.5AI score0.99999EPSS
Exploits12
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.6 views

CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...

9.1CVSS9.4AI score0.01579EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/09/01 12:0 a.m.15 views

Debian: Security Advisory (DLA-3090-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS7.9AI score0.70276EPSS
Exploits1References3
Debian
Debian
added 2022/08/31 8:47 a.m.24 views

[SECURITY] [DLA 3090-1] php-horde-turba security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 31, 2022 https://wiki.debian.org/LTS -...

8CVSS7.8AI score0.70276EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/07/28 10:15 p.m.3 views

CVE-2022-30287

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...

8CVSS7.5AI score0.70276EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.44 views

Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities

The version of Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA...

9.1CVSS7.7AI score0.46587EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2022/06/28 12:0 a.m.8 views

PHP Object Deserialization

Serialization is the process of converting an object to a stream of bytes, in order to store or send it through the network. By opposition, deserialization is the process of reconstructing an object from this stream of bytes. When PHP web applications use the unserialize function to perform...

8.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/06/02 12:0 a.m.4 views

PT-2022-4811 · Horde · Horde Groupware Webmail Edition

Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition versions 5.2.22 and earlier Description: The issue allows for a reflection injection attack, leading to arbitrary deserialization of PHP objects. This can be exploited by an authenticated user to execute...

8CVSS8AI score0.70276EPSS
Exploits1References27
Rows per page
Query Builder