Lucene search

536 matches found

CNVD
added 2018/05/21 12:00 a.m. | 3 views

Adobe ColdFusion Untrusted Data Deserialization Vulnerability

Adobe ColdFusion is a dynamic web server product from Adobe (United States) that runs CFML (ColdFusion Markup Language), a programming language for web applications. Adobe ColdFusion has an untrusted data deserialization vulnerability. An attacker could exploit this...

CVSS 10 | AI score 7.5 | EPSS 0.63304
Exploits: 1 | References: 1
ATTACKERKB
added 2018/01/23 1:29 a.m. | 1 views

CVE-2017-17406

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by defaul...

CVSS 9.8 | AI score 6.5 | EPSS 0.04576
Exploits: 0 | References: 3
OSV
added 2017/12/01 8:29 a.m. | 6 views

CVE-2017-11283

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

CVSS 9.8 | AI score 5.8 | EPSS 0.42721
Exploits: 3 | References: 3
NVD
added 2017/12/01 8:29 a.m. | 25 views

CVE-2017-11284

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

CVSS 9.8 | AI score 9.5 | EPSS 0.42721
Exploits: 1 | References: 3
Cvelist
added 2017/12/01 8:00 a.m. | 28 views

CVE-2017-11283

Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11...

AI score 9.6 | EPSS 0.42721
Exploits: 3 | References: 3
CVE
added 2017/12/01 8:00 a.m. | 100 views

CVE-2017-11283

CVE-2017-11283 is a Java deserialization flaw in Adobe ColdFusion's insecure handling of untrusted data (notably via DataServicesCFProxy). Affected: ColdFusion 2016 Update 4 and earlier; ColdFusion 11 Update 12 and earlier. The root cause is unsafe deserialization which could allow remote code ex...

CVSS 9.8 | AI score 9.3 | EPSS 0.42721
Exploits: 3 | References: 3 | Affected Software: 1
Veracode
added 2017/09/28 9:44 a.m. | 7 views

Authorization Bypass

schmittjoh/serializer is vulnerable to authorization bypass. The library ignores the context groups that specify the types of data that can be deserialized. This is only applicable when the groups function is used to specify what data can be deserialized...

AI score 6.6
Exploits: 0
Debian CVE
added 2017/07/05 3:00 p.m. | 20 views

CVE-2017-2295

Versions of Puppet prior to 4.10.1 will deserialize data off the wire from the agent to the server, in this case with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constrains the format of...

CVSS 8.2 | AI score 6.9 | EPSS 0.02375
Exploits: 0
Veracode
added 2017/06/15 8:40 a.m. | 9 views

Remote Code Execution (RCE)

Tablib is vulnerable to remote code execution (RCE). These attacks are possible because untrusted data is deserialized, allowing attackers to execute Python code...

AI score 8
Exploits: 0
OpenVAS
added 2016/06/15 12:00 a.m. | 1090 views

RMI Java Deserialization RCE Vulnerability (Jun 2016) - Active Check

The remote host is affected by a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if description...

CVSS 10 | AI score 9.5 | EPSS 0.13268
Exploits: 2 | References: 1
Saint
added 2016/02/03 12:00 a.m. | 86 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016. CVE: CVE-2015-7450. Background: IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVSS 10 | AI score 10 | EPSS 0.97655
Exploits: 10
Saint
added 2016/02/03 12:00 a.m. | 83 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016. CVE: CVE-2015-7450. Background: IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVSS 10 | AI score 10 | EPSS 0.97655
Exploits: 10
Saint
added 2016/02/03 12:00 a.m. | 69 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016. CVE: CVE-2015-7450. Background: IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVSS 10 | AI score 10 | EPSS 0.97655
Exploits: 10
Japan Vulnerability Notes
added 2015/08/20 6:53 a.m. | 2 views

Apache Tapestry deserializes untrusted data

Overview: Apache Tapestry contains a vulnerability where it may deserialize untrusted data. Apache Tapestry is a framework for creating Java web applications. Apache Tapestry contains an interface where client side serialized data sent to the server is deserialized after it is received by the...

CVSS 7.8 | AI score 7.2 | EPSS 0.09598
Exploits: 1 | References: 8
Prion
added 2015/01/23 3:59 p.m. | 23 views

Deserialization of untrusted data

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action...

CVSS 5 | AI score 7.1 | EPSS 0.07797
Exploits: 4 | References: 3 | Affected Software: 1
Snyk
added 2014/09/08 9:00 p.m. | 4 views

Unsafe Object Deserialization

Overview: Affected versions of this package are vulnerable to Unsafe Object Deserialization. POC: The exploitable code: js hasOwnProperty.constructor.prototype.valueOf = valueOf.call; "a", "alert1".sorthasOwnProperty.constructor; The exploit: - 1. Array.sort takes a comparison function and passes i...

CVSS 7.4 | AI score 6.9
Exploits: 0 | References: 2