348 matches found
Mail.ru: bgplay.mail.ru
Potential RCE via Java object deserialization in out-of-scope service...
Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE
The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.642.2 or 1.650. It is, therefore, affected by a Java deserialization vulnerability. An unauthenticated, remote attacker can exploit this, by deserializing specific java.rmi and sun.rmi objects, to start a JR...
Jenkins < 1.642.2 / 1.650 Java Object Deserialization RCE
The Jenkins web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Groovy library, specifically the runtime.MethodClosure class. An unauthenticated, remote attacker can exploit this, via a...
Apache ActiveMQ 5.x < 5.13.0 Java Object Unserialization RCE
Binary data 9080.prm...
Lexmark Markvision Enterprise Java Object Deserialization RCE
The remote Lexmark Markvision Enterprise server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted...
CVE-2016-1986
HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
CVE-2016-1986
HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
Design/Logic Flaw
HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
CVE-2016-1986
HP Continuous Delivery Automation CDA 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
CVE-2016-1986
CVE-2016-1986 affects HP Continuous Delivery Automation (CDA) 1.30. A deserialization vulnerability allows remote attackers to execute arbitrary commands via a crafted Java object, related to the Apache Commons Collections library. The NVD entry reports a high/critical impact (CVSS2: 7.5 HIGH; CV...
CVE-2016-0958
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object...
Design/Logic Flaw
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object...
CVE-2016-0958
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object...
CVE-2015-5344
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request...
HP Operations Manager for Windows 8.x and 9.0 Java Object Deserialization RCE
The version of HP Operations Manager installed on the remote host has the Sam Admin Adapter installed. This package is no longer supported by HP and is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collectio...
Design/Logic Flaw
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
CVE-2015-8765
Intel McAfee ePolicy Orchestrator ePO 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections ACC library...
Code injection
Intel McAfee ePolicy Orchestrator ePO 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections ACC library...
CVE-2015-7450
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons...
Design/Logic Flaw
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons...