81 matches found
CVE-2022-0749
The CVE-2022-0749 entry affects all versions of SinGooCMS.Utility. The vulnerability originates from the socket client (SocketClient.cs) in SinGooCMS.Utility, where payloads can be delivered through user-controlled input after a connection is established. This happens because the transmission pat...
SinGooCMS.Utility code issue vulnerability
SinGooCMS.Utility is a collection of tools for individual developers of SinGooCMS in China. It includes tools for configuration, files, dates, data, serialization, reflection, image processing, networking, caching,...
CODESYS Development System ObjectManager.plugin ObjectStream.ProfileByteArray Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file t...
CODESYS Development System PackageManagement.plugin ExtensionMethods.Clone() Unsafe Deserialization vulnerability
Summary An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this...
Insecure deserialization in Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...
Information disclosure
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...
CVE-2021-29508 Insecure deserialization in Wire
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...
CVE-2021-29508
CVE-2021-29508 affects Wire and its fork, due to insecure handling of type information in its serialization format. The vulnerability allows a deserializer to be influenced by a malicious payload, potentially enabling the creation of any type on the receiving end. Public descriptions across Red H...
CVE-2020-25258
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages...
Hyland OnBase Bytecode Execution Vulnerability
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase has a bytecode execution vulnerability that stems from a problem with the way OnBase uses ASP.NET BinaryFormatter.Deserialize, which can be exploited by an attacker to transmit and...
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709
September 24, 2019 — KB4515841 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1709 includes cumulative reliability improvements in Microsoft .NET Framework 4....
CVE-2019-18211
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
CVE-2019-18211
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
Deserialization of untrusted data
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user...
September 26, 2019 — KB4515871 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 version 1903 and Windows 10 version 1909
September 26, 2019 — KB4515871 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 version 1903 and Windows 10 version 1909 Release Date: September 26, 2019 Version: .NET Framework 3.5 and 4.8 The September 26, 2019, update for Windows 10, version 1903 and Windows 10, version 1909...
September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703
September 24, 2019 — KB4515840 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703 Release Date: September 24, 2019 Version: .NET Framework 4.8 The September 24, 2019, update for Windows 10, version 1703 includes cumulative reliability improvements in Microsoft .NET Framework 4....
.NET advanced code audit of the nine classes BinaryFormatter deserialization vulnerability - vulnerability warning - the black bar safety net
The BinaryFormatter and SoapFormatter classes differ in the format of their data streams; their other features are about the same. BinaryFormatter is located in the namespace System.Runtime.Serialization.Formatters.Binary; it is the direct use of binary the way the obje...
ASP.NET resource files (.RESX) and deserialization vulnerability research - exploit warning - the black bar safety net
ASP.NET application resource files are typically used for localized storage; they can store user interface elements or easily translated strings. These resource files generally use .resx as the file extension, and when they are in .resources as files to expand the...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10 Anniversary Edition Class: Remote...
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution
Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10...