Duplicate Advisory: Remote Code Execution in AjaxNetProfessional

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...

Remote Code Execution in AjaxNetProfessional

Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication sharin...

CVE-2021-23758

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution...

Deserialization of untrusted data

All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution...

CVE-2021-23758

CVE-2021-23758 describes a deserialization vulnerability in AjaxPro/AjaxNetProfessional allowing remote code execution via untrusted data. The Metasploit module documents an exploit against Windows HTTP AjaxPro deserialization, noting that all AjaxPro versions prior to 21.10.30.1 are vulnerable; ...