Lucene search
K

292 matches found

Tenable Nessus
Tenable Nessus
added 2015/11/23 12:0 a.m.1765 views

Oracle WebLogic Java Object Deserialization RCE

The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to execute...

9.8CVSS8.6AI score0.96032EPSS
Exploits17References3
Veracode
Veracode
added 2015/11/09 7:34 p.m.90 views

Potential Remote Code Execution Via Java Object Deserialization

Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransfomer to be vulnerable...

10CVSS9.7AI score0.97655EPSS
Exploits34References24Affected Software6
RedHat Linux
RedHat Linux
added 2015/06/23 8:11 a.m.6 views

php: exception:: getTraceAsString type confusion issue after unserialize

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

10CVSS7.4AI score0.11003EPSS
Exploits5References4
Snyk
Snyk
added 2014/09/08 9:0 p.m.5 views

Unsafe Object Deserialization

Overview Affected versions of this package are vulnerable to Unsafe Object Deserialization. POC The exploitable code: js hasOwnProperty.constructor.prototype.valueOf = valueOf.call; "a", "alert1".sorthasOwnProperty.constructor; The exploit: - 1. Array.sort takes a comparison function and passes i...

7.4CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2013/10/10 12:55 a.m.4 views

UBUNTU-CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

7.5CVSS6.1AI score0.02832EPSS
Exploits0References3
securityvulns
securityvulns
added 2013/07/01 12:0 a.m.41 views

puppet code exeuction

Code execution via YAML object deserialization...

7.5CVSS4AI score0.03408EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2011/10/16 12:0 a.m.54 views

Debian: Security Advisory (DSA-2311-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.06277EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2011/09/28 12:0 a.m.40 views

Debian DSA-2311-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code including applets to...

10CVSS8.2AI score0.06277EPSS
Exploits0References17
NVD
NVD
added 2005/05/02 4:0 a.m.24 views

CVE-2005-0223

The Software Development Kit SDK and Run Time Environment RTE 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service Java Virtual Machine hang via object deserialization...

5CVSS6.7AI score0.01825EPSS
Exploits0References1
CVE
CVE
added 2005/02/06 5:0 a.m.54 views

CVE-2005-0223

CVE-2005-0223 affects the Tru64 UNIX Software Development Kit (SDK) and Run Time Environment (RTE) versions 1.4.1 and 1.4.2. The vulnerability is a deserialization flaw that allows remote attackers to trigger a denial of service by causing the Java Virtual Machine to hang. The available connected...

5CVSS7AI score0.01825EPSS
Exploits0References1Affected Software2
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

More info at https://symfony.com/cve-2026-45077...

5.8AI score0.01261EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

More info at https://symfony.com/cve-2026-45077...

5.8AI score0.01261EPSS
Exploits0Affected Software1
Rows per page
Query Builder