Design/Logic Flaw
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
CVE-2022-46478
The CVE-2022-46478 issue affects datax-web v1.0.0 and v2.0.0 through v2.1.2. The RPC interface does not perform default permission checks, enabling an attacker to execute arbitrary commands by sending crafted Hessian-serialized data. Impact is described as remote command execution over the networ...
Splunk Code Issue Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the machine data that IT systems and infrastructure generate, whether physical, virtual machine, or cloud. A...
Delta Electronics InfraSuite Device Master Path Traversal Vulnerability
Delta Electronics InfraSuite Device Master is a device used to simplify and automate the monitoring of critical equipment from Delta Electronics Taiwan, China. A path traversal vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.01a and prior versions, which stems from allowi...
Remote Code Execution
com.alibaba:hessian-lite is vulnerable to remote code execution. The vulnerability exists due to insecure input validation when processing serialized data in getSerializer and getDeserializer functions in SerializerFactory.java, which allows an attacker to pass specifically crafted data to the...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 14.9 to 15.2.5, 15.3 t...
Huawei HarmonyOS deserialization vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, full-scenario distributed operating system. Huawei HarmonyOS is vulnerable to a deserialization vulnerability in the NFC module that results from insecure deserialization of serialized data submitted by th...
Laravel Deserialization Vulnerability (CNVD-2022-59204)
Laravel is a web application framework from the Laravel team. Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...
Vulnerability Spotlight: How misusing properly serialized data opened TCL LinkHub Mesh Wi-Fi system to 17 vulnerabilities
By Carl Hurd. The TCL LinkHub Mesh Wi-Fi system is a multi-device Wi-Fi system that allows users to expand access to their network over a large physical area. What makes the LinkHub system unique is the lack of a network interface to manage the devices individually or in the mesh. Instead, a phon...
Inductive Automation Ignition Code Issue Vulnerability
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA (Supervisory Control and Data Acquisition) systems, HMI (Human Machine Interface) and more. A code issue vulnerability exists in Inductive Automation Ignition...
log4j: Unsafe deserialization flaw in Chainsaw log viewer
A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run...
Multiple Keysight Technologies Products Code Issue Vulnerability
Keysight Technologies N6854A Geolocation server and Keysight Technologies N6841A RF Sensor are both products of Keysight Technologies, Inc. Keysight Technologies N6854A Geolocation server is a geolocation server. Keysight Technologies N6841A RF Sensor is an RF sensor. It is us...
Subrion CMS PHP Object Injection
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...
EUVD-2016-8331
Zend/zendexceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876...
Subrion CMS PHP Object Injection
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
GHSA-4J79-4M6Q-77VF Subrion CMS PHP Object Injection
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request...
GHSA-Q9HR-3PG4-3JP4 Improper Input Validation in Apache ActiveMQ
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object...