HPE Systems Insight Manager AMF Deserialization Remote Code Execution Exploit

A remotely exploitable vulnerability exists within HPE System Insight Manager SIM version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The...

HPE Systems Insight Manager AMF Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HPE Systems Insight Manager AMF Deserialization RCE', 'Description' = %q A remotely exploitable vulnerability exists within HPE System Insight...

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf

The vulnerability was an unsafe AMF Action Message Format deserialization issue in Apache Flex BlazeDS, affecting the /daip/messagebroker/amf endpoint. Successful exploitation could allow an attacker to trigger a DNS lookup by sending a crafted AMF payload. The vulnerability was identified and...

Red5 Media Server Code Execution Vulnerability

Red5 Media Server is an open source and free streaming media server. A security vulnerability exists in AMF unmarshallers in Red5 Media Server versions prior to 1.0.8, which stems from a program that does not restrict classes when performing deserialization. A remote attacker can exploit this...

Remote Code Execution (RCE) Via Deserialization Of Untrusted Data

flex-messaging-core is vulnerable to remote code execution RCE via deserialization of untrusted data. The vulnerability is possible because it has a flaw in AMF deserialization using Externalizable.readExternalObjectInput, allowing attackers to request a RMI remote object from the endpoint and...