Allocation of Resources Without Limits or Throttling

Overview org.webjars.npm:seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the encoded array lengths serialization process. An attacker can cause excessive processing time by overriding encoded array lengt...

CVE-2023-6481

A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data...

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

EUVD-2022-7656

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

PT-2022-26026 · Delta Electronics · Infrasuite Device Master

Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master versions 00.00.01a and prior Description: The issue concerns a lack of proper authentication for functions that create and modify user groups. An attacker could exploit this by providing malicious...

Apache Airflow < 1.10.11 Multiple Vulnerabilities

The version of Apache Airflow is prior to 1.10.11. It is, therefore, affected by multiple vulnerabilities, including the following: - An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it i...

Remote Code Execution

tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...

LimeSurvey < 3.16 - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

LimeSurvey &lt; 3.16 - Remote Code Execution

!/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

LimeSurvey 3.16 - Remote Code Execution

LimeSurvey 3.16 - Remote Code Execution !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

Oracle Flexcube Direct Banking Cross-Site Scripting Vulnerability

Oracle Financial Services Applications is a set of core banking, online banking and property management financial services software from Oracle Corporation, of which Oracle FLEXCUBE Direct Banking is an Internet and mobile banking solution component. A cross-site scripting vulnerability exists in...