292 matches found
Oracle WebLogic Java Object Deserialization RCE
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the WLS Security component due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this to execute...
Potential Remote Code Execution Via Java Object Deserialization
Apache Commons includes a class called InvokerTransformer. An application is vulnerable to a deserialization attack if this class is available on the classpath and the application deserializes untrusted or user-supplied data. It's not necessary to actually use InvokerTransfomer to be vulnerable...
php: exception:: getTraceAsString type confusion issue after unserialize
A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...
Unsafe Object Deserialization
Overview Affected versions of this package are vulnerable to Unsafe Object Deserialization. POC The exploitable code: js hasOwnProperty.constructor.prototype.valueOf = valueOf.call; "a", "alert1".sorthasOwnProperty.constructor; The exploit: - 1. Array.sort takes a comparison function and passes i...
UBUNTU-CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
puppet code exeuction
Code execution via YAML object deserialization...
Debian: Security Advisory (DSA-2311-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2311-1 : openjdk-6 - several vulnerabilities
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java SE platform. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code including applets to...
CVE-2005-0223
The Software Development Kit SDK and Run Time Environment RTE 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service Java Virtual Machine hang via object deserialization...
CVE-2005-0223
CVE-2005-0223 affects the Tru64 UNIX Software Development Kit (SDK) and Run Time Environment (RTE) versions 1.4.1 and 1.4.2. The vulnerability is a deserialization flaw that allows remote attackers to trigger a denial of service by causing the Java Virtual Machine to hang. The available connected...
CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
More info at https://symfony.com/cve-2026-45077...
CVE-2026-45077: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
More info at https://symfony.com/cve-2026-45077...