CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

282 matches found

Prion•added 2017/09/19 3:29 p.m.•18 views

Design/Logic Flaw

The wikidecode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object...

6.5CVSS7.3AI score0.03097EPSS

Exploits3References3Affected Software1

Packet Storm•added 2017/09/15 12:0 a.m.•43 views

Astaro Security Gateway 7 Remote Code Execution

!/usr/bin/python Astaro Security Gateway v7 - Unauthenticated Remote Code Execution Exploit Authors: Jakub Palaczynski and Maciej Grabiec Tested on versions: 7.500 and 7.506 Date: 13.12.2016 Vendor Homepage: https://www.sophos.com/ CVE: CVE-2017-6315 import socket import sys import os import...

0.3AI score0.16568EPSS

Exploits4

exploitpack•added 2017/09/13 12:0 a.m.•30 views

Astaro Security Gateway 7 - Remote Code Execution

Astaro Security Gateway 7 - Remote Code Execution !/usr/bin/python Astaro Security Gateway v7 - Unauthenticated Remote Code Execution Exploit Authors: Jakub Palaczynski and Maciej Grabiec Tested on versions: 7.500 and 7.506 Date: 13.12.2016 Vendor Homepage: https://www.sophos.com/ CVE:...

10CVSS0.3AI score0.16568EPSS

Exploits4

Exploit DB•added 2017/09/13 12:0 a.m.•60 views

Astaro Security Gateway 7 - Remote Code Execution

10CVSS9.7AI score0.16568EPSS

Exploits4

Positive Technologies•added 2017/07/12 12:0 a.m.•2 views

PT-2017-19212 · Sap · Sap Netweaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver version 7400.12.21.30308 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to the "metadatauploader" API endpoint...

7.5CVSS9.7AI score0.05513EPSS

Exploits0References6

UbuntuCve•added 2017/07/06 4:29 p.m.•19 views

CVE-2016-4000

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object...

9.8CVSS7.5AI score0.0657EPSS

Exploits0References1

NVD•added 2017/04/11 4:59 p.m.•18 views

CVE-2016-0779

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object...

9.8CVSS9.6AI score0.0987EPSS

Exploits0References6

Prion•added 2017/04/11 4:59 p.m.•22 views

Code injection

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object...

7.5CVSS8.1AI score0.0987EPSS

Exploits0References6Affected Software1

OSV•added 2017/04/11 4:59 p.m.•26 views

CVE-2016-0779

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object...

9.8CVSS7.8AI score

Exploits0References6

Veracode•added 2017/03/27 2:11 p.m.•19 views

Remote Code Execution (RCE)

airflow is vulnerable to remote code execution RCE. The package uses the pickle Python module unsafely, allowing remote attackers to execute code through a serialized object...

8.8CVSS9.1AI score0.02044EPSS

Exploits0References2Affected Software2

OSV•added 2017/02/22 4:59 p.m.•5 views

CVE-2017-5586

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

9.8CVSS6AI score0.22548EPSS

Exploits5References3