64 matches found
EUVD-2016-6013
Malware in sbrugna...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
CVE-2024-28214
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker...
CVE-2024-28211
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker...
CVE-2024-28215
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
CVE-2024-28213
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
Insecure Deserialization
nGrinder is vulnerable to Insecure Deserialization. The vulnerability is caused due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...
nGrinder vulnerable to unsafe Java objects deserialization
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
GHSA-J7JM-8GF5-FRCM nGrinder vulnerable to unsafe Java objects deserialization
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
CVE-2024-28216
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
CVE-2024-28215
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...
CVE-2024-28213
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
CVE-2024-28214
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker...
CVE-2024-28214
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker...
CVE-2024-28213
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
CVE-2024-28212
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization...
CVE-2024-28211
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker...
CVE-2024-28215
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery...