9 matches found
EUVD-2026-25796
Apache MINA's AbstractIoBuffer.resolveClass contains two branches; one of them, for static classes or primitive types, does not check the class at all, bypassing the classname allowlist and allowing arbitrary code to be executed. The fix checks if the class is present in the accepted class...
CVE-2023-40517 LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability
LG SuperSign Media Editor ContentRestController getObject Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...
PT-2023-27495 · LG · LG SuperSign Media Editor
Name of the Vulnerable Software and Affected Versions: LG SuperSign Media Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG SuperSign Media Editor. Authentication is not required to exploit this...
Path traversal
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...
PT-2016-6204 · Apache · Apache ActiveMQ Artemis
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 1.4.0. Description: The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...
McAfee Virtual Technician ActiveX Control GetObject() Method Remote Command Execution (SB10028)
The remote Windows host has a version of the McAfee Virtual Technician / ePolicy Orchestrator ActiveX control that allows execution of arbitrary code. The 'GetObject' method can be used to load any class on the underlying operating system. For example, by loading the 'WScript.Shell' class,...
Design/Logic Flaw
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be...
CVE-2008-4300
CVE-2008-4300 affects a specific ActiveX control in adsiis.dll used by Microsoft Internet Information Services (IIS). The vulnerability allows remote attackers to cause a denial of service (browser crash) by sending a long string as the second argument to the GetObject method. The description not...
CVE-2008-4300
A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be...