Cisco Prime LAN Management Solution Java Object Deserialization RCE (CSCux34647)

The Cisco Prime Lan Management Solution LMS running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by...

Cisco Security Manager Java Object Deserialization RCE (CSCux34671)

The version of Cisco Security Manager running on the remote web server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sendi...

H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE

Binary data hpimccve-2017-5790.nbin...

Atlassian JIRA XXE / Deserialization Vulnerability

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object. SPDX-FileCopyrightText: 2017...

VMSA-2017-0007:VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS

VMSA-2017-0007 VMware vCenter Server updates resolve a remote code execution vulnerability via BlazeDS VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2017-0007 VMware Security Advisory Severity: Critical VMware Security Advisory Synopsis: VMware vCenter Server updates resolve...

CVE-2017-5983

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

Code injection

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

Design/Logic Flaw

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service out-of-memory error and service instability via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service out-of-memory error and service instability via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service out-of-memory error and service instability via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

Remote Code Execution (RCE)

glassfish web-core is susceptible to remote code execution. It does not prevent NULL \0 byte injection in repository path of PartItem, allowing potential file manipulation via Java object deserialization. Moreover, it does not validate the existence of the NULL \0 byte when an older Java VM is...

IBM WebSphere Application Server 8.0.0.x < 8.0.0.13 Multiple Vulnerabilities

Binary data 700016.prm...

IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 Multiple Vulnerabilities

Binary data 700015.prm...

Design/Logic Flaw

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

CVE-2017-3159

Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization vulnerability. De-serializing untrusted data can lead to security flaws...

Design/Logic Flaw

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

CVE-2017-5586

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...

CVE-2017-5586

OpenText Documentum D2 formerly EMC Documentum D2 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell bsh and Apache Commons Collections ACC libraries...