55 matches found
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...
OSIsoft PI Data Archive Denial of Service Vulnerability (CNVD-2018-05303)
OSIsoft PI Data Archive is an efficient storage and archiving component that enables high performance data retrieval through client software. A denial-of-service vulnerability exists in OSIsoft PI Data Archive 2017 and prior versions, which can be exploited by an unauthenticated attacker to modif...
Apache MyFaces Trinidad Remote Code Execution Vulnerability
Apache MyFaces Trinidad is a U.S. Apache Apache Software Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A remote code execution vulnerability exists in CoreResponseStateManager in Apache MyFaces Trinidad, which can be exploited...
Internet Bug Bounty: Memory Corruption in During Deserialized-object Destruction
The bug report at: https://bugs.php.net/bug.php?id=73052 The fix commit at: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43...
CVE-2016-5229
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization...
CVE-2016-1291
Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...
CVE-2016-1291
Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192...
F5 Networks BIG-IP : Java commons-collections library vulnerability (K30518307)
CVE-2015-4852 Java applications that have an endpoint that accepts serialized Java objects, an attacker can combine serializable collections to create arbitrary remote code execution. Based on the FoxGlove, an attack can be done via RMI or HTTP. The vulnerability is actually in InvokerTransformer...
openSUSE Security Update : jakarta-commons-fileupload (openSUSE-SU-2013:1571-1)
A remote attacker could supply a serialized instance of the DiskFileItem class, which would be deserialized on a server and write arbitrary content to any location on the server that is permitted by the user running the application server process. bnc846174/CVE-2013-2186 %NASLMINLEVEL 70300 C...
CVE-2012-6142
Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized...
CVE-2012-6143
Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized...
Code injection
The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to 1 App::Session::Cookie or 2 App::Session::HTMLHidden, which is not properly handled when it is deserialized...
Debian: Security Advisory (DSA-2827-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: jakarta-commons-fileupload security update
An update for Red Hat JBoss Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...