221 matches found
CVE-2019-4279 - IBM WebSphere Application Server
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445. – nvd.nist.gov description Recent assessments: jrobles-r7 at May 29, 2019 4:00...
Remote Code Execution (RCE)
RubyGems is vulnerable to remote code execution attacks. YAML deserialization of gem specifications can bypass class white lists. A remote, unauthenticated attacker could create specially crafted, serialized objects to be possibly used for remote code execution...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoMsgServlet Java Reflection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center TopoDebugServlet Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SOFA-Hessian Arbitrary Command Execution Vulnerability
SOFA-Hessian is an open source binary serialization protocol . A security vulnerability exists in SOFA-Hessian 4.0.2 and earlier versions, which stems from the program failing to blacklist com.caucho.naming.Qname and com.sun.org.apache.xpath.internal.objects.Xstring. A remote attacker can exploit...
Remote code execution
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to...
CVE-2018-20717
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to...
Remote Code Execution (RCE)
richfaces is vulnerable to Remote code Execution RCE attacks. The vulnerability is due to improper Expression Language EL sanitization in the UserResource class. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects gadget chains...
Richfaces 3.x Remote Code Execution
Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Cisco Unity Express Arbitrary Command Execution Vulnerability
Cisco Unity is an advanced unified communications solution for enterprise organizations that provides robust messaging and intelligent voice messaging. An arbitrary command execution vulnerability exists in Cisco Unity Express due to unsafe deserialization of user-supplied content by the affected...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Code injection
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...