CVE-2023-45146

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

CVE-2023-45146 Remote code execution in XXL-RPC

XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once...

Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

GHSA-M5Q8-58WH-XXQ4 Drools Core Deserialization of Untrusted Data vulnerability

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

SugarCRM 12.2.0 PHP Object Injection

------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...

Open-Xchange AppSuite 代码问题漏洞

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to manage email, tasks, files, etc. more intuitively. A code issue vulnerability exists in Open-Xchange App Suite that stems from the ability to inject serialized Java objects,...

CVE-2023-28500

A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4 version 11.0.1 and later may...

Security Bulletin: WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execu...

IBM WebSphere Application Server Code Injection Vulnerability

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform.A code injection vulnerability exists in IBM WebSphere...

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVE-2023-23477

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

CVE-2023-23477 IBM WebSphere Application Server code execution

IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513...

IBM WebSphere Application Server 代码注入漏洞

IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform.A code injection vulnerability exists in IBM WebSphere...

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

CVE-2022-41688

Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...

CVE-2022-40202

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

Remote code execution

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

CVE-2022-40202

CVE-2022-40202 affects Delta Electronics InfraSuite Device Master (versions 00.00.01a and prior). The issue is due to unauthenticated deserialization of user-controlled data that allows triggering a backup scheduling function, which can execute arbitrary files/arguments and enable remote code exe...

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects usually called gadgets and achieve code execution on the server...

PT-2022-5284 · Drools +1 · Drools +1

Name of the Vulnerable Software and Affected Versions: Drools affected versions not specified Description: A flaw was found in Drools core where some utility classes did not use proper safeguards when deserializing data. This allows an authenticated attacker to construct malicious serialized...