292 matches found
GreenShot 1.2.10 Arbitrary Code Execution
Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...
Remote code execution in Apache Jackrabbit
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
Deserialization of untrusted data
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
CVE-2023-37895
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to including 2.20.10 stable branch and 2.21.17 unstable branch use the component "commons-beanutils", which contains a class that can be used for remote...
Netwrix Auditor < 10.5 Insecure Object Deserialization
The version of Netwrix Auditor installed on the remote Windows host is prior to 10.5. It is, therefore, affected by an insecure object deserialization vulnerability: - Netwrix Auditor is vulnerable to an insecure object deserialization issue that is caused by an unsecured .NET remoting service. A...
CVE-2023-35116
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure...
CVE-2023-2141 Unsafe .NET object deserialization affecting DELMIA Apriso Release 2017 through Release 2022
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution...
CVE-2023-2141
CVE-2023-2141 concerns an unsafe .NET object deserialization in DELMIA Apriso (2017–2022) that could lead to post-authentication remote code execution. Root cause: deserialization of untrusted .NET objects in the affected DELMIA Apriso releases. Impact is described as remote code execution with h...
Deserialization Of Untrusted Object
litedb is vulnerable to Deserialization Of Untrusted Objects. The vulnerability is caused by differing types in JSON documents, when a JSON document contains BsonDocument types, the library converts them to POCO. If an attacker can send a plain JSON string, they can inject and execute arbitrary...
Fortra GoAnywhere MFT Unsafe Deserialization Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Fortra GoAnywhere MFT Unsafe Deserialization RCE', 'Description' = %q This module exploits CVE-2023-0669, which is an object deserialization...
CVE-2022-39311 Compromised agents may be able to execute remote code on GoCD Server
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 are vulnerable to remote code execution on the server from a malicious or compromised agent. The Spring RemoteInvocation...
Debian: Security Advisory (DLA-3090-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3090-1] php-horde-turba security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3090-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 31, 2022 https://wiki.debian.org/LTS -...
CVE-2022-30287
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects...
Siemens SINEC NMS < V1.0 SP2 Update 1 Multiple Vulnerabilities
The version of Siemens SINEC NMS Server installed on the remote host is affected by multiple vulnerabilities, including the following: - A vulnerability has been identified in SINEC NMS All versions V1.0 SP2 Update 1. The affected system allows to upload JSON objects that are deserialized to JAVA...
PHP Object Deserialization
Serialization is the process of converting an object to a stream of bytes, in order to store or send it through the network. By opposition, deserialization is the process of reconstructing an object from this stream of bytes. When PHP web applications use the unserialize function to perform...
PT-2022-4811 · Horde · Horde Groupware Webmail Edition
Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition versions 5.2.22 and earlier Description: The issue allows for a reflection injection attack, leading to arbitrary deserialization of PHP objects. This can be exploited by an authenticated user to execute...