110 matches found
EUVD-2011-2084
Malware in sbrugna...
EUVD-2011-2085
Malware in sbrugna...
EUVD-2015-5243
Malware in sbrugna...
EUVD-2015-3321
Malicious code in bioql PyPI...
marshalsec
It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...
Adobe ColdFusion Deserialization Vulnerability
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...
Adobe XML External Entity Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe XML External Entity Injection', 'Description' = %q Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2...
org.apache.flex.blazeds:flex-messaging-opt (>=4.7.1 <=4.7.2), org.apache.flex.blazeds:flex-messaging-opt-tomcat4 (>=4.7.1 <=4.7.2) +4 more potentially affected by CVE-2017-5641 via org.apache.flex.blazeds:flex-messaging-core (>=4.7.1 <=4.7.2)
org.apache.flex.blazeds:flex-messaging-core MAVEN version =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.2 Source cves: CVE-2017-5641 Source advisory: OSV:GHSA-W8V7-PRHW-XJPW...
GHSA-W8V7-PRHW-XJPW Apache Flex BlazeDS unsafe deserialization
Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...
Apache Flex BlazeDS unsafe deserialization
Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...
Adobe BlazeDS Information Disclosure Vulnerability
Adobe BlazeDS, which is utilized in LifeCycle and ColdFusion, contains a vulnerability that allows for information disclosure...
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
This is a PoC exploit for CVE-2021-44228, a remote code execution vulnerability in Apache Log4j2. The repository contains a Java application that demonstrates the exploitation of this vulnerability. The application is built using Maven and includes various marshalling libraries that allow for...
marshalsec
This repository is an offensive tool for Java deserialization exploitation. It is a Java-based tool that exploits Java object deserialization vulnerabilities, which can lead to remote code execution (RCE) and other security issues. The tool includes payload generators for various Java marshalling...
VulnCheck KEV: CVE-2009-3960
Adobe BlazeDS, which is utilized in LifeCycle and ColdFusion, contains a vulnerability that allows for information disclosure...
marshalsec
This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting BlazeDS AMF (Action Message Format) versions 0, 3, and X. The tool, named "marshalsec," is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remot...
marshalsec
This is a Java-based tool for exploiting Java object deserialization vulnerabilities, specifically targeting various Java open-source marshalling libraries. The tool, named "marshalsec," is designed to unmarshal arbitrary, attacker-supplied types and demonstrate the potential for remote code...
marshalsec
This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution (RCE) and other security issues...
marshalsec
This repository is an offensive tool for Java deserialization exploitation. It is a Java-based tool for exploiting Java object deserialization vulnerabilities, which can lead to remote code execution (RCE) and other security issues. The tool includes various payload generators for different Java...
Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation Date: 2020-08-28 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: 3.8.0 Tested on: Windows CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0...
Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal
Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal Date: 2020-08-22 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Affected version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 oldfile File Path Traversal Vendor: EIBIZ Co.,Ltd. Produ...