Scala code issue vulnerability
Scala is the Scala 2 compiler and standard library, open-sourced by Scala. Scala 2.13.x before 2.13.9 has a code issue vulnerability that stems from a Java deserialization chain in its JAR file; it cannot be exploited on its own and poses a risk in conjunction with the deserialization of LazyList...
CVE-2022-36944
Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network...
PT-2022-6144 · Scala +1 · Scala +1
Name of the Vulnerable Software and Affected Versions: Scala versions 2.13.x before 2.13.9 Description: The issue is related to errors in data deserialization. It may allow a remote attacker to execute arbitrary code, erase the contents of arbitrary files, or make network connections via a gadget...
CVE-2022-36944
CVE-2022-36944 involves a Java deserialization chain in Scala 2.13.x before 2.13.9. On its own it is not directly exploitable; risk exists when an application deserializes Java objects, enabling an attacker to erase arbitrary files, make network connections, or possibly execute code (notably Func...
CVE-2022-29063 Java Deserialization via RMI Connection from the Solr plugin of Apache OFBiz
The Solr plugin of Apache OFBiz is configured by default to automatically make an RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run...
Zoho Password Manager Pro XML-RPC Java Deserialization
This module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain RCE as the SYSTEM user. Module Options msf use...
CVE-2022-29805
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...
Deserialization of untrusted data
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...
CVE-2022-29805
CVE-2022-29805 affects Fishbowl Inventory’s Fishbowl Server prior to 2022.4.1, where a Java deserialization flaw allows remote code execution via a crafted XML payload. The NVD/Vuln entries cite CVSSv3.1 base score 9.8 (CRITICAL) with network access, no user interaction, and all three CIA impacts...
PT-2022-19840 · Unknown · Fishbowl Inventory
Name of the Vulnerable Software and Affected Versions: Fishbowl Inventory versions prior to 2022.4.1 Description: A Java Deserialization issue allows remote attackers to execute arbitrary code via a crafted XML payload. This affects the Fishbowl Server component. Recommendations: For versions pri...
Fishbowl Inventory code issue vulnerability
Fishbowl Inventory is an inventory optimization business solution integration from Fishbowl USA, Inc. for automating critical business processes and improving efficiency. A security vulnerability exists in Fishbowl Inventory versions prior to 2022.4.1, which stems from a Java deserialization...
Zoho Password Manager Pro XML-RPC Java Deserialization Exploit
This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...
Zoho Password Manager Pro XML-RPC Java Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zoho Password Manager Pro XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Zoho...
CVE-2021-41419
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization...
Deserialization of untrusted data
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization...