6 matches found
GHSA-H892-X453-86WC Pippo RCE Vulnerability
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...
Pippo RCE Vulnerability
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution (RCE). The vulnerability exists through server-side request forgery when unmarshalling XStream objects with the java.beans.EventHandler, java.lang.ProcessBuilder, javax.imageio.ImageIO$ContainsFilter, and jdk.nashorn.internal.objects.NativeString class...
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution
Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Date: 2020-05-24 Vendor Homepage: https://www.vmware.com/ Software Link:...
Remote Code Execution (RCE)
pippo-xstream is vulnerable to remote code execution. The XstreamEngine component does not validate XML data before unmarshalling, which may lead to arbitrary code execution via a command to java.lang.ProcessBuilder when using XML data containing malicious types...
Remote code execution
Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder because the XstreamEngine component does not use XStream's available protection mechanisms to restrict unmarshalling...