Lucene search
+L

609 matches found

cve
cve
added 2018/05/02 10:0 p.m.80 views

CVE-2018-0253

Cisco Secure Access Control System (ACS) is affected by CVE-2018-0253 in the ACS Report component. The issue stems from insufficient validation of the Action Message Format (AMF) protocol, allowing an unauthenticated, remote attacker to execute arbitrary commands on the ACS device, with commands ...

10CVSS9.6AI score0.06984EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2018/05/02 10:0 p.m.9 views

CVE-2018-0253

A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...

7.7AI score0.06984EPSS
Exploits0References3
cisco
cisco
added 2018/05/02 4:0 p.m.56 views

Cisco Secure Access Control System Remote Code Execution Vulnerability

A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...

9.8CVSS9.7AI score0.06984EPSS
Exploits0References1
seebug
seebug
added 2018/03/30 12:0 a.m.273 views

Adobe ColdFusion 反序列化漏洞(CVE-2017-3066)

Exploiting Adobe ColdFusion before CVE-2017-3066 In a recent penetration test my teammate Thomas came across several servers running Adobe ColdFusion 11 and 12. Some of them were vulnerable to CVE-2017-3066 but no outgoing TCP connections were possible to exploit the vulnerability. He asked me...

7.5CVSS8.9AI score0.90597EPSS
Exploits14
nessus
nessus
added 2018/03/27 12:0 a.m.14 views

openSUSE Security Update : libmodplug (openSUSE-2018-306)

This update for libmodplug fixes the following issues : Several security and non security issues where fixed : - Update to version 0.8.9.0+git20170610.f6dd59a boo1022032 : - PSM: add missing line to commit - ABC: prevent possible increment of p past end - ABC: ensure read pointer is valid before...

5.5AI score
Exploits0References1
myhack58
myhack58
added 2018/03/12 12:0 a.m.62 views

Nessus plug-in“arms”tutorial-vulnerability warning-the black bar safety net

! Overview In a recent internal penetration test, we need to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin was originally only the use of an existing RCE vulnerability, but we will teach you how to...

7.4AI score
Exploits0
exploitdb
exploitdb
added 2018/02/07 12:0 a.m.129 views

Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution

Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On: Windows 10 Enterprise 10.0.15063 CVE: CVE-2017-3066...

10CVSS9.5AI score0.90597EPSS
Exploits6
nvd
nvd
added 2017/12/28 3:29 p.m.26 views

CVE-2017-5641

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

9.8CVSS9.7AI score0.21274EPSS
Exploits4References8
prion
prion
added 2017/12/28 3:29 p.m.28 views

Deserialization of untrusted data

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

7.5CVSS9.6AI score0.21274EPSS
Exploits4References8Affected Software2
cvelist
cvelist
added 2017/12/28 3:0 p.m.41 views

CVE-2017-5641

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

9.7AI score0.21274EPSS
Exploits4References8
cve
cve
added 2017/12/28 3:0 p.m.247 views

CVE-2017-5641

CVE-2017-5641 is an insecure-deserialization issue in Apache Flex BlazeDS (AMF3) affecting BlazeDS

9.8CVSS9.5AI score0.21274EPSS
Exploits4References8Affected Software1
openbugbounty
openbugbounty
added 2017/10/26 1:43 p.m.11 views

amf-assurances.fr XSS vulnerability

Open Bug Bounty ID: OBB-369507 Description| Value ---|--- Affected Website:| amf-assurances.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
cnvd
cnvd
added 2017/09/04 12:0 a.m.11 views

Red5 Media Server Code Execution Vulnerability

Red5 Media Server is an open source and free streaming media server. A security vulnerability exists in AMF unmarshallers in Red5 Media Server versions prior to 1.0.8, which stems from a program that does not restrict classes when performing deserialization. A remote attacker can exploit this...

9.8CVSS9.5AI score0.02717EPSS
Exploits0References1
prion
prion
added 2017/06/08 4:29 p.m.15 views

Deserialization of untrusted data

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...

7.5CVSS9.8AI score0.02717EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2017/06/08 4:29 p.m.17 views

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...

9.8CVSS9.8AI score0.02717EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2017/06/08 4:29 p.m.17 views

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...

9.8CVSS7.5AI score0.02717EPSS
Exploits0References3
cvelist
cvelist
added 2017/06/08 4:0 p.m.20 views

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...

9.8AI score0.02717EPSS
Exploits0References2
cve
cve
added 2017/06/08 4:0 p.m.56 views

CVE-2017-5878

CVE-2017-5878 affects Red5 Media Server prior to 1.0.8, where AMF unmarshallers do not restrict classes during Java deserialization, enabling remote code execution via crafted serialized data. This vulnerability exists due to insecure deserialization in AMF handling. Affected software: Red5 Media...

9.8CVSS9.7AI score0.02717EPSS
Exploits0References2Affected Software1
osv
osv
added 2017/04/13 2:59 p.m.2 views

DEBIAN-CVE-2015-8270

The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service invalid pointer dereference and process crash...

7.5CVSS6.8AI score0.03155EPSS
Exploits1References1
myhack58
myhack58
added 2017/04/07 12:0 a.m.172 views

Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net

AMF Action Message Format is a binary serialization format, before the main Flash application in using this format. Recently, the Code White found to have multiple Java AMF library in the presence of vulnerabilities, and these vulnerabilities will lead to unauthenticated remote code execution...

5CVSS7.4AI score0.0954EPSS
Exploits2
Rows per page
Query Builder