CVE-2026-25551 Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 expose an unauthenticated .NET Remoting service on TCP port 7375 (BtSystem.Service.exe). BarTenderSystem (BarTender 2016 ≤ R9) and DataServiceSingleton (BarTender 2019 ≤ R10) are registered as unauthenticated singleton endpoints configured with Bina...

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-2039 GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the...

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVE-2024-53914

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

CVE-2024-53913

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

CVE-2024-53915

An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...

Veritas Enterprise Vault 安全漏洞

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...

PT-2024-10285 · Veritas · Veritas Enterprise Vault

Name of the Vulnerable Software and Affected Versions: Veritas Enterprise Vault versions prior to 15.2 Description: An issue was discovered in the server that allows remote attackers to execute arbitrary code because untrusted data received on a .NET Remoting TCP port is deserialized. This is...

GE MDS PulseNET Insecure Deserialization (CVE-2018-10611)

An insecure deserialization vulnerability has been reported in GE MDS PulseNET and PulseNET Enterprise. The vulnerability is due to deserialization of untrusted data on a JBoss Remoting port. Successful exploitation can result in arbitrary code execution in the context of the user running PulseNE...

Denial Of Service (DoS)

jboss-remoting is vulnerable to denial of service. An insecure implementation of the org.jboss.remoting.transport.socket.ServerThread class allows a remote attacker to exhaust all available file descriptors on the target server and deny all subsequent connections. In order for this vulnerability ...