SUSE CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

SUSE CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Ermir - An Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry, it exploits unsecure deserialization on any Java code calling standard RMI methods on it list/lookup/bind/rebind/unbind. Requirements Ruby v3 or newer. Installation Install Ermir from rubygems.org: $ gem install ermir or clone the repo and build the gem: $ git...

GHSA-C58C-W527-H77P Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

Code injection

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

Design/Logic Flaw

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.4 non-authenticated user can remotely instantiate object of any class existing in the GLPI environment that can be used to...

GLPI 安全漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

GLPI 9.5.3 Unsafe Reflection

Exploit Title: GLPI 9.5.3 - 'fromtype' Unsafe Reflection Date: 2021-02-13 Exploit Author: Vadym Soroka @Iterasec https://iterasec.com Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: =9.5.3 Tested on:v9.5.3, 2021-02-13 Technical...

UBUNTU-CVE-2019-5857

Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

UBUNTU-CVE-2019-5757

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

chromium-browser: Type Confusion in SVG

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

UBUNTU-CVE-2018-6106

An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page...

chromium-browser: Out of bounds memory access in V8

Incorrect array position calculations in V8 in Google Chrome prior to 70.0.3538.102 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Word-based Malware Attack Doesn’t Use Macros

Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not...

chromium-browser: type confusion in v8

Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

Remote Code Execution (RCE) Via Deserialization Of Untrusted Data

flex-messaging-core is vulnerable to remote code execution RCE via deserialization of untrusted data. The vulnerability is possible because it has a flaw in AMF deserialization using Externalizable.readExternalObjectInput, allowing attackers to request a RMI remote object from the endpoint and...

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system.USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI...