CVE-2020-3280

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...

CVE-2020-3280 Cisco Unified CCX Preauth RCE

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express Unified CCX could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affecte...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境（仅有AdminServer即可） 如果有现成的、已经安装好这个PSU版本的WebLogic环境，则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本（wls-cve-2018-2628-poc.py）...

The vulnerability of the Cisco Unity Express autocalendar, related to the restoration of a questionable data structure in memory, allows an attacker to execute arbitrary commands.

The vulnerability of the Cisco Unity Express aut secretary relates to the restoration of unreliable data structures Java objects in memory during the processing of requests by the Java RMI Remote Method Invocation service. This vulnerability could allow a malicious actor to execute arbitrary...

CVE-2018-0321

A vulnerability in Cisco Prime Collaboration Provisioning PCP could allow an unauthenticated, remote attacker to access the Java Remote Method Invocation RMI system. The vulnerability is due to an open port in the Network Interface and Configuration Engine NICE service. An attacker could exploit...

CVE-2018-10611

Java remote method invocation RMI input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services...

CVE-2018-10611

Java remote method invocation RMI input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services...

CVE-2017-2767

EMC Network Configuration Manager NCM 9.3.x, EMC Network Configuration Manager NCM 9.4.0.x, EMC Network Configuration Manager NCM 9.4.1.x, EMC Network Configuration Manager NCM 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users t...

CVE-2016-5554

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX...

CVE-2016-4216

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

CloudBees Jenkins CI and LTS Remote Code Execution Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A remot...

F5 Networks BIG-IP : Java vulnerability (SOL17170) (deprecated)

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vendor decided CVE-2015-4736 did not apply to BIG-IP products so the plugin has been deprecated. %NASLMINLEVEL 999999...

CVE-2015-0192

Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...

jdwp-inject NSE Script

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script allows injection of arbitrary class files. After injection, class' run method is executed. Method run has no parameters,...

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

Java Remote Management Platform Plaintext Password Detection

Binary data 4586.prm...