Exploit for Deserialization of Untrusted Data in Apache Tomcat
It is an offensive tool for web application exploitation. The re...
KLA79208 Multiple vulnerabilities in Oracle Java
Multiple vulnerabilities were found in Oracle Java. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability can be exploited remotely to execut...
CVE-2023-0925
Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry listening on TCP port 2099 by default and two RMI interfaces listening on a single, dynamically assigned TCP high port. Port 2099 serves as a Java Remote Method Invocation RMI...
The vulnerability of the connection method to the LDAP server lies in the LDAP connector of the Java Remote Connector Server (RCS) and the OpenIDM identity management system. This vulnerability stems from the lack of protection for the transmitted data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the LDAP connection method lies in the lack of protection for the data transmitted. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information...
CVE-2023-29411
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior authentication on the Java RMI interface...
CVE-2023-1656
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
Code injection
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
CVE-2023-1656
CVE-2023-1656 affects ForgeRock OpenIDM and the Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, and Linux. The root cause is cleartext transmission of LDAP BIND credentials before TLS, leading to potential exposure of credentials for OpenIDM and RCS versions 1.5.20.9–1.5.20.1...
CVE-2023-1656 When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
PT-2023-2592 · Forgerock · Openid +1
Name of the Vulnerable Software and Affected Versions: OpenIDM and Java Remote Connector Server RCS versions 1.5.20.9 through 1.5.20.13 Description: The issue is related to the cleartext transmission of sensitive information, which can allow remote services to access protected information with...
SUSE CVE-2016-0788
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
The vulnerability of the Java Remote Management interface of the financial management software SVI MS Management System allows a perpetrator to execute arbitrary code.
The vulnerability of the Java Remote Management interface of the SVX MS Management System lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
NetScout nGeniusONE Code Injection Vulnerability
NetScout nGeniusONE is a centralized application management and network performance solution from NetScout, Inc. A code injection vulnerability exists in NetScout nGeniusONE version 6.3.2, which can be exploited by an attacker to execute Java RMI code...
GHSA-J7Q5-H445-F7PC Jenkins allows Execution of Code by Opening a JRMP Listener
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener...
CVE-2020-23621
The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object...
CVE-2020-23620
The CVE-2020-23620 entry concerns Orlansoft ERP’s Java Remote Management Interface, with a vulnerability caused by insecure deserialization of user-supplied content. This allows an attacker to execute arbitrary Java code by submitting a crafted serialized object. Multiple connected documents (inc...
The vulnerability of the Java RMI voice portal interface of Cisco Unified Customer Voice Portal allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Java RMI voice portal of Cisco Unified Customer Voice Portal is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2020-3402
A vulnerability in the Java Remote Method Invocation RMI interface of Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticate...
Cisco Unified Customer Voice Portal Information Disclosure Vulnerability
A vulnerability in the Java Remote Method Invocation RMI interface of Cisco Unified Customer Voice Portal CVP could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticate...