Lucene search
K

55 matches found

NVD
NVD
added 2018/10/29 12:29 p.m.16 views

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

9.8CVSS9.9AI score0.01452EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/10/27 7:0 p.m.19 views

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

9.9AI score0.01452EPSS
Exploits1References1
CNVD
CNVD
added 2018/03/14 12:0 a.m.2 views

OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)

OSIsoft PI Data Archive is an efficient storage and archiving component that enables high performance data retrieval through client software. A denial-of-service vulnerability exists in OSIsoft PI Data Archive 2017 and prior versions, which can be exploited by an unauthenticated attacker to modif...

7.8CVSS7AI score0.0213EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/10 12:0 a.m.12 views

Apache MyFaces Trinidad Remote Code Execution Vulnerability

Apache MyFaces Trinidad is a U.S. Apache Apache Software Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A remote code execution vulnerability exists in CoreResponseStateManager in Apache MyFaces Trinidad, which can be exploited...

9.8CVSS9.7AI score0.07958EPSS
Exploits1References1
Hacker One
Hacker One
added 2016/09/13 6:58 a.m.19 views

Internet Bug Bounty: Memory Corruption in During Deserialized-object Destruction

The bug report at: https://bugs.php.net/bug.php?id=73052 The fix commit at: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2016/08/02 4:0 p.m.24 views

CVE-2016-5229

Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...

9.7AI score0.0709EPSS
Exploits0References5
OSV
OSV
added 2016/04/06 11:59 p.m.2 views

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...

9.8CVSS6.2AI score0.06769EPSS
Exploits4References3
Cvelist
Cvelist
added 2016/04/06 11:0 p.m.26 views

CVE-2016-1291

Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...

9.8AI score0.06769EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2015/12/17 12:0 a.m.721 views

F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)

CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is actually in InvokerTransformer...

9.8CVSS9.2AI score0.96032EPSS
Exploits17References3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.40 views

openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2013:1571-1)

A remote attacker could supply a serialized instance of the DiskFileItem class, which would be deserialized on a server and write arbitrary content to any location on the server that is permitted by the user running the application server process. bnc846174/CVE-2013-2186 %NASLMINLEVEL 70300 C...

7.5CVSS7.2AI score0.12768EPSS
Exploits0References4
NVD
NVD
added 2014/06/04 11:55 p.m.15 views

CVE-2012-6142

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized...

7.5CVSS7.6AI score0.02718EPSS
Exploits0References3
NVD
NVD
added 2014/06/04 11:55 p.m.17 views

CVE-2012-6143

Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized...

7.5CVSS7.6AI score0.02793EPSS
Exploits0References4
Prion
Prion
added 2014/06/04 11:55 p.m.13 views

Code injection

The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to 1 App::Session::Cookie or 2 App::Session::HTMLHidden, which is not properly handled when it is deserialized...

7.5CVSS8.2AI score0.02326EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/12/23 12:0 a.m.28 views

Debian: Security Advisory (DSA-2827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.7AI score0.12768EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/10/15 6:30 p.m.40 views

Important: Red Hat Security Advisory: jakarta-commons-fileupload security update

An update for Red Hat JBoss Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

7.5CVSS6.8AI score0.12768EPSS
Exploits0References3
Rows per page
Query Builder