770 matches found
CVE-2016-4405
HP Business Service Management (BSM) is affected by a remote code execution vulnerability in the Apache Commons Collections Java deserialization implementation, specifically versions 9.20–9.26. The issue arises from deserializing untrusted data, enabling an attacker to execute arbitrary code in t...
ZTE ZXIPTV-EPG Java Deserialization Vulnerability
ZTE ZXIPTV-EPG is a set-top box device from China's ZTE Corporation. A Java deserialization vulnerability exists in ZTE ZXIPTV-EPG versions prior to 5.09.02.02T4. The vulnerability stems from the server's use of the Apache Commons Collections (ACC) library in the Java RMI service, and can be...
CVE-2017-10934
All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a...
CVE-2017-10934
This CVE (CVE-2017-10934) affects ZTE ZXIPTV-EPG prior to version 5.09.02.02T4. The issue stems from the Java RMI service using the Apache Commons Collections library, leading to Java deserialization vulnerabilities. An unauthenticated remote attacker could trigger code execution on the target ho...
Oracle WebLogic 12.1.2.0 RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Exploit for multiple platforms in category web applications #!/usr/bin/python # -*- coding: utf-8 -*- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' --------------------------------------------------------------------------------------...
Oracle WebLogic 12.1.2.0 Remote Code Execution
#!/usr/bin/python # -*- coding: utf-8 -*- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' -------------------------------------------------------------------------------------- Developped by bobsecq: [email protected]...
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
#!/usr/bin/python # -*- coding: utf-8 -*- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = ''' -------------------------------------------------------------------------------------- Developped by bobsecq: [email protected]...
Micro Focus Universal Configuration Management Database Server Cross-Site Request Forgery Vulnerability
Micro Focus Universal Configuration Management Database (UCMDB) is a suite of database software from Micro Focus, UK, that stores, controls and manages software and infrastructure components and their interrelationships. UCMDB Server is one of the server applications. A...
Micro Focus Universal Configuration Management Database Browser Cross-Site Request Forgery Vulnerability
Micro Focus Universal Configuration Management Database (UCMDB) is a suite of database software from Micro Focus, UK, that stores, controls and manages software and infrastructure components and their interrelationships. UCMDB Browser is one of the browsers used to access the UCMDB data. UCMDB Brows...
Security Bulletin: Apache Commons Collection Java Deserialization Vulnerability in Multiple N series Products
Summary Multiple N series products incorporate the Apache Commons Collection library. Versions of Apache Commons Collection before 3.2.2 and including 4.0 are susceptible to a vulnerability that could be exploited to allow remote attackers to execute arbitrary commands on the system. Multiple N...
Security Bulletin: Vulnerability in Apache Commons affects IBM Virtualization Engine TS7700 (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Virtualization Engine TS7700. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and IBM Tivoli Storage FlashCopy Manager for VMware (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware IBM Spectrum Protect for Virtual Environments and the IBM Tivoli Storage FlashCopy Manager for VMware IBM...
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager for Application Diagnostics (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for Application Diagnostics. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker...
Security Bulletin: Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager Agent for J2EE (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Tivoli Composite Application Manager Agent for J2EE. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute...
Security Bulletin: Vulnerability in Spring Framework for Java Deserialization in Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server (CVE-2015-7450)
Summary A Spring Framework vulnerability for handling Java object deserialization was addressed by Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server. This vulnerability does not have its own CVE number, but is linked to CVE-2015-7450. Vulnerability...
Security Bulletin: Vulnerability in Apache Commons affects IBM Rational Application Developer for WebSphere Software (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute...
Security Bulletin: Vulnerability in Apache Commons affects Rational Directory Server Tivoli and Rational Directory Administrator (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by the Apache Software Foundation and incorporated into IBM WebSphere Application Server Liberty fixes. Vulnerability Details IBM Rational Directory Server Tivoli and Rational Directory...
Security Bulletin: Vulnerability in Apache Commons could affect IBM QRadar SIEM and IBM QRadar Incident Forensics. (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM QRadar SIEM and IBM QRadar Incident Forensics. Vulnerability Details CVE-ID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker ...
Security Bulletin: Vulnerability in Apache Commons affects IBM Integration Designer (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Integration Designer. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused ...