Tomato Free Fiction App Has Denial of Service Vulnerability
Tomato Free Novels app is a novel reader that focuses on genuine novels. Tomato Free Novels app has a denial of service vulnerability where an attacker uses a tool to build malformed serialized Intent data to launch the app, causing it to crash...
(0Day) (Pwn2Own) Inductive Automation Ignition ServerMessageHeader Deserialization of Untrusted Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized data. The issue results in the lack of...
CVE-2020-12000
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to...
Deserialization of untrusted data
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway versions prior to 8.0.10 and Ignition 7 Gateway versions prior to...
Arbitrary Code Execution
portal-impl is vulnerable to arbitrary code execution. The library allows untrusted deserialization of serialized data, potentially allowing an attacker to inject arbitrary objects during deserialization which can result in arbitrary code execution...
Inductive Automation Ignition Code Issue Vulnerability
Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, USA. The platform supports SCADA data acquisition and monitoring systems, HMI (human-machine interface) and more. A code issue vulnerability exists in the handling of serialized da...
PHP Object Injection
intelliants/subrion is vulnerable to PHP object injection. The vulnerability exists through the serialized data in the subpages value within admin/blocks.php to block/edit...
Subrion CMS Code Issue Vulnerability
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into a website and supports a variety of extensions, plugins, and more. A security vulnerability exists in the admin/blocks.php file in Subrion CMS 4.2.1 and earlier versions. An attacker ca...
CVE-2020-12469
admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...
CVE-2020-12469
Subrion CMS ≤ 4.2.1 is affected by a PHP Object Injection vulnerability in admin/blocks.php. The issue arises from serialized data in the subpages value when interacting with blocks/edit, enabling object injection and potentially deletion of files. The Red Hat and CVE records corroborate the same...
CVE-2016-7124
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call...
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
CVE-2019-16772
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect Node.js environments, since Node.js's implementation of...
Cross site scripting
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability does not affect Node.js environments, since Node.js's implementation of...
CVE-2019-16772
The CVE-2019-16772 entry concerns the npm package serialize-to-js, with versions before 3.0.1 vulnerable to XSS due to unsafe characters in serialized regular expressions. Node.js environments are not affected because RegExp.prototype.toString() escapes forward slashes, but non-Node.js environmen...
CVE-2019-18631
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers...
Design/Logic Flaw
The Windows component of Centrify Authentication and Privilege Elevation Services 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1 (18.8), 3.5.2 (18.11), and 3.6.0 (19.6) does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows attackers...