270 matches found
VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
CVE-2021-33898
Invoice Ninja before 4.4.0 has an unsafe unserialize() call in app/Ninja/Repositories/AccountRepository.php which can let an attacker deserialize arbitrary PHP classes. In certain contexts this may lead to remote code execution. The attack input is tied to http://www.geoplugin.net (plain HTTP), a...
VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
RUSTSEC-2021-0070 VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...
RUSTSEC-2021-0089 Optional `Deserialize` implementations lacking validation
When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...
Remote code execution
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an destruct magic metho...
CLSA-2020-1605798462 Fix of 227 CVE
Fix bug 69720: Null pointer dereference in phargetfpoffset - Fix bug 70728: Type Confusion Vulnerability in PHPtoXMLRPCworker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...
CVE-2020-25258
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP messages...
Hyland OnBase Bytecode Execution Vulnerability
Hyland OnBase is an enterprise information platform for managing your content, processes and cases. Hyland OnBase has a bytecode execution vulnerability that stems from a problem with the way OnBase uses ASP.NET BinaryFormatter.Deserialize, which can be exploited by an attacker to transmit and...
Denial Of Service (DoS)
serialize-to-js is vulnerable to denial of service DoS. The vulnerability exists as the unvalidated user input could cause an infinite loop in the deserialize function...
skia:image_filter_deserialize_width: Crash in SkReader32::readInt
Project: https://skia.googlesource.com/skia.git Detailed Report: https://oss-fuzz.com/testcase?key=5752574451122176 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: imagefilterdeserializewidth Job Type: libfuzzerasanskia Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x60608103762...
Kentico CMS 12.0.14 Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...
Kentico CMS 12.0.14 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kentico CMS Staging SyncServer Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the Kentico CMS...
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passe...
firefox:CompositorManagerParentIPC: Crash in mozilla::layers::TextureReadLock::AddRef
Detailed Report: https://oss-fuzz.com/testcase?key=5692629583134720 Project: firefox Fuzzing Engine: libFuzzer Fuzz Target: CompositorManagerParentIPC Job Type: libfuzzerasanfirefox Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x21807fff8001 Crash State:...
CVE-2019-17210
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString is called by the function MQTTDeserializepublish to get the length and content of the MQTT topic name. In the function readMQTTLenString, mqttstring-lenstring.len is a part of us...
CVE-2019-0189
The CVE-2019-0189 issue affects Apache OFBiz via two dependencies (commons-beanutils and an outdated commons-fileupload). It uses Java deserialization in the HttpEngine: the request parameter serviceContext is passed to XmlSerializer.deserialize, enabling remote code execution through java.io.Obj...
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
The vulnerability of the unit_deserialize component in Systemd allows a malicious actor to elevate their privileges to the root level.
The vulnerability of the unitdeserialize component in Systemd relates to the restoration of a dubious data structure in memory. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to the root level...
Shopware createInstanceFromNamedArguments PHP Object Instantiation Exploit
This Metasploit module exploits a php object instantiation vulnerability that can lead to remote code execution in Shopware. An authenticated backend user could exploit the vulnerability. The vulnerability exists in the createInstanceFromNamedArguments function, where the code insufficiently...