56 matches found
log4j: deserialization of untrusted data in SocketServer
A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget...
logback: Serialization vulnerability in SocketServer and ServerSocketReceiver
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
PT-2019-5314
Name of the Vulnerable Software and Affected Versions: Log4j versions 1.2 up to 1.2.17 Description: The issue is related to the deserialization of untrusted data in the SocketServer class of Log4j 1.2, which can be exploited to remotely execute arbitrary code when combined with a deserialization...
CVE-2017-5929
It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to...
CVE-2017-5929
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
Code injection
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...
CVE-2017-5929
CVE-2017-5929 – Logback deserialization issue: QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...
Serialization vulnerability
A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...
PT-2017-3933 · Qos.Ch · Logback
Name of the Vulnerable Software and Affected Versions: QOS.ch Logback versions prior to 1.2.0 Description: The issue is related to a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. This vulnerability allows an attacker to exploit the deserialization of...
Belkin F9K1122v1 1.00.30 - Buffer Overflow (via Cross-Site Request Forgery)
import socket, sys , base64, struct, string, urllib from getopt import getopt as GetOpt, GetoptError from uuid import getnode as getmac import SimpleHTTPServer, SocketServer TIMELINE ''' 3/16/2016 - First Submission to Belkin no response 5/3/2016 - Second Submission to Belkin no response 6/4/2016...
Microsoft Windows 7/2008 R2 - Remote Kernel Crash
Microsoft Windows 7/2008 R2 - Remote Kernel Crash #!/usr/bin/python win7-crash.py: Trigger a remote kernel crash on Win7 and server 2008R2 infinite loop Crash in KeAccumulateTicks due to NTASSERT/DbgRaiseAssertionFailure caused by an infinite loop. NO BSOD, YOU GOTTA PULL THE PLUG. To trigger it...