CVE-2019-16112

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI...

Remote code execution

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI...

Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution

Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...

CVE-2019-17564

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4,...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 is a remote command execution vulnerability in Oracle WebLogic Server. The exploit code is written in Python and uses the CVE-2018-2628 Weblogic GetShell.py script to exploit the vulnerability. The script sends a specially crafted request to the vulnerable server, which allows an...

Security Bulletin: Vulnerability in Apache Commons affects WebSphere Message Broker and IBM Integration Bus (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed in the Global Cache component of WebSphere Message Broker and IBM Integration Bus Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote...

Security Bulletin: Vulnerability in Apache Commons affects IBM i (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM i. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Sterling Secure Proxy (CVE-2016-3092)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...

Deserialization of untrusted data

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVE-2019-12630 Cisco Security Manager Java Deserialization Vulnerability

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

Deserialization of untrusted data

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...

CVE-2019-14224

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr...

Deserialization of untrusted data

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr...

NewStart CGSL CORE 5.04 / MAIN 5.04 : xmlrpc Vulnerability (NS-SA-2019-0037)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xmlrpc packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacke...

NewStart CGSL MAIN 4.05 : xmlrpc3 Vulnerability (NS-SA-2019-0136)

The remote NewStart CGSL host, running version MAIN 4.05, has xmlrpc3 packages installed that are affected by a vulnerability: - A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use...

Arbitrary Code Execution

Apache Commons Collections ACC library is vulnerable to Arbitrary Code Execution. The vulnerability is possible because it directly uses ACC, or contains ACC, in the classpath, which allows an attacker to gain read access to unnecessary information in debug messages by sending modified requests...

Command Injection

Jenkins is vulnerable to command injection. The attack exists because it allows an injection of serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

Oracle WebLogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.3 Java Object Deserialization RCE (CVE-2018-3191)

Binary data oracleweblogicservercve20183191.nbin...

Security Bulletin: Vulnerability in Apache Commons affects IBM Fabric Manager (IFM) (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Fabric Manager IFM. Vulnerability Details Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Fabric Manager IFM...

Security Bulletin: Vulnerability in Apache Commons affects IBM System Networking Switch Center (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM System Networking Switch Center. Vulnerability Details Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM System...