4166 matches found
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution Vulnerabili
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected...
OSEC-2018-01 An integer overflow in the `bigarray` serialization module leads to arbitrary code execution
Bug description The bigarray module in all recent ocaml versions is capable of reading in serialized marshalled objects from a external source which is often used for network operations and interprocess communication. byterun/bigarray.c Line 458 in ea60609 C b-data = malloceltsize numelts; A...
CVE-2017-13286
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User...
CVE-2018-1295
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...
CVE-2018-1295
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...
Deserialization of untrusted data
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...
CVE-2018-1295
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...
CVE-2018-1295
In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one...
CVE-2018-1295
CVE-2018-1295 affects Apache Ignite 2.3 and earlier. The root cause is the serialization mechanism lacking a whitelist of allowed classes, enabling arbitrary code execution when a crafted serialized object is deserialized at endpoints such as discovery SPI, Ignite persistence, Memcached endpoint,...
Adobe ColdFusion 反序列化漏洞(CVE-2017-3066)
Exploiting Adobe ColdFusion before CVE-2017-3066 In a recent penetration test my teammate Thomas came across several servers running Adobe ColdFusion 11 and 12. Some of them were vulnerable to CVE-2017-3066 but no outgoing TCP connections were possible to exploit the vulnerability. He asked me...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...
JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
chromium-browser: buffer overflow in skia
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Important: Red Hat Security Advisory: java-1.7.1-ibm security update
An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
What you didn’t know about OWASP Top-10 2017? Part 3/3
This is the last part of my trilogy about OWASP Top-10 2017 risks. Two previous parts one and two described A1-A6 risks and this time I’d like to not just explain A7-A10 risks but also draw an intersection or overlap venn diagram of them. I hope this diagram would clarify why the questions about...
Remote code execution
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...
CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...
CVE-2017-1000353
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized...
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
Imperva’s research group is constantly monitoring new web application vulnerabilities. In doing so, we’ve noticed at least four major insecure deserialization vulnerabilities that were published in the past year. Our analysis shows that, in the past three months, the number of deserialization...