CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData. Recen...

Windows unmarshal post exploitation

This module exploits a local privilege escalation bug which exists in microsoft COM for windows when it fails to properly handle serialized objects. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

CVE-2018-8349

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

EUVD-2018-20000

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

Microsoft COM for Windows Remote Code Execution Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. COM is one of the COM program writing components. A remote code execution vulnerability exists in Microsoft COM for Windows, which stems from the program not properly handling serialize...

Microsoft COM for Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could...

CVE-2018-1000525

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This...

Microsoft COM for Windows - Privilege Escalation Exploit

Exploit for windows platform in category local exploits Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exis...

Microsoft COM for Windows - Privilege Escalation

Microsoft COM for Windows - Privilege Escalation Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in...

Microsoft COM for Windows - Privilege Escalation

Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...

Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)

Summary Websphere Application Server WAS Full profile is shipped as a component of Jazz for Service Management JazzSM and WAS has been affected by multiple security vulnerabilities. Vulnerability Details CVEID: CVE-2017-1121 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-sit...

Security Bulletin: WebSphere Application Server vulnerability in IBM Content Collector for Email

Summary IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources in IBM Content Collector for Email. Vulnerability Details CVEID: CVE-2016-8919 DESCRIPTION: IBM WebSphere...

Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)

Summary There is a potential denial of service with WebSphere Application Server with SOAP connectors. Important information was added to the Remediation/Fixes section on February 22, 2017. Vulnerability Details Important information was added to the Remediation/Fixes section on February 22, 2017...

Design/Logic Flaw

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

Multiple Wordpress Plugin PHP Object Injection Vulnerabilities

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple Wordpress plugins suffer from a PHP object injection vulnerability that stems from a failure to adequately validate...

CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

Microsoft COM for Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could...

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...