119 matches found
CVE-2025-0974
A vulnerability was determined in MaxD Lightning Module 4.43/4.44 on OpenCart. This issue affects some unknown processing. Executing a manipulation of the argument liop/md can lead to deserialization. The attack may be launched remotely. The attack requires a high level of complexity. The...
CVE-2025-0734
A vulnerability has been found in yproject RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public an...
CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
UBUNTU-CVE-2024-48063
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...
EUVD-2024-2974
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2024-0654
A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been...
CVE-2024-0603 ZhiCms giftcontroller.php deserialization
A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...
GHSA-P3R5-X3HR-GPG5 OpenRefine Remote Code execution in project import with mysql jdbc url attack
Summary: A remote code exec vulnerability allows any unauthenticated user to exec code on the server. Details: Hi, Team, I find OpenRefine supports importing data from a database. When using MySQL JDBC to connect to the database, it is vulnerable to JDBC URL attacks; for example, an unauthenticated attacker can ge...
CVE-2023-3234
A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been declared as problematic. Affected by this vulnerability is the function putimage of the file api/controller/v1/PublicController.php. The manipulation leads to deserialization. The attack can be launched remotely. The exploit h...
Exploit for Deserialization of Untrusted Data in Alibaba Fastjson
CVE-2022-25845-exploit Try exploiting this CVE by studying so...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
CVE-2023-0669 This repo contains the packages and scr...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell OW...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Apache Tomcat Deserialization Vulnerability CVE-2020-9484...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
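Log4Shell (CVE-2021-44228) related attacks IOCs. Source IPs attempting attacks using the Apache Log4j RCE, a large portion of which are Tor nodes; see Attack-IP.md. IOCs for malware, botnets, etc. spread by exploiting the log4j vulnerability: see IOC-C2.md. Snort detection rules: see Snort.md. Suricata rules: see Suricata.md...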
PT-2021-6084 · Logback +6
Name of the Vulnerable Software and Affected Versions: logback versions 1.2.7 and prior Description: The issue is related to the deserialization mechanism in the logback library, which can be exploited by an attacker with the required privileges to edit configuration files. This could allow the...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
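Log4j2-CVE-2021-44228 Introduction: Reproduction of the Log4J vulnerability. Software architecture: Software architecture description. Installation: 1. git clone https://gitee.com/demonbhao/log4j2-cve-2021-44228.git 2. Install a JDK version below 1.8.0 3. Install maven, which is needed for packaging. Usage: 1. Write your PoC code block 2. Compile Exploit.java with javac Exploit.java to produce Exploit.class 3. Start the LDAP protocol 4. Start an HTTP server, simply using python; note that it must match the port being accessed...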
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
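CVE-2021-4428 reproduction. This DEMO reproduces the critical Log4j2 RCE vulnerability CVE-2021-4428; its purpose is to understand the harm this vulnerability can cause and to build targeted defenses according to the situation of your system. Warning: This DEMO is only for technical research and does not involve scripts for malicious intrusion into remote computers. Do not use the vulnerability to illegally intrude into other people's computers. Otherwise you may bear the following liability: 1. Under Article 29 of the Public Security Administration Punishments Law of the People's Republic of China, whoever violates state regulations by intruding into a computer information system and causing harm shall be detained for up to five days; where the circumstances are relatively serious, detained for between five and ten days. 2...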
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4jpwn log4j rce test environment. See: This repository c...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 (Apache Log4j Remote Code Execution) all log...