292 matches found
PT-2024-31215 · WordPress · The 140+ Widgets
Name of the Vulnerable Software and Affected Versions: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress versions up to, and including, 1.4.3.1 Description: The issue allows authenticated attackers with contributor-level permissions and above to inject a PHP Object via...
CVE-2024-3967
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...
CVE-2024-3967
The CVE-2024-3967 entry concerns OpenText iManager 3.2.6.0200, where a vulnerability in unsafe Java object deserialization can lead to Remote Code Execution. Documented impact is High/CRITICAL per CVSS, with potential for execution without user interaction over NETWORK (NVD metrics) and adjacent ...
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...
CVE-2024-3967 Remote Code Execution vulnerability in the iManager
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...
PT-2024-28609 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A remote code execution issue has been discovered, which can trigger remote code execution using unsafe Java object deserialization. Recommendations: For OpenText iManager version 3.2.6.0200, ...
RHEL 7 : xmlrpc (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:3729)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3729 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 6 / 7 : rh-ruby22-ruby (RHSA-2018:0583)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0583 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
Remote Code Execution (RCE)
jenkins-core is vulnerable to Remote Code Execution. The vulnerability is due to unsafe deserialization of Java objects. This flaw allows attackers to execute arbitrary code via a crafted serialized Java object, which could trigger an LDAP query to a third-party server...
CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...
Insecure Deserialization
nGrinder is vulnerable to Insecure Deserialization. The vulnerability is caused due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...
CVE-2024-28213
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
CVE-2017-20189
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...
Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update
Description The plugin does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'userscanregister' and 'defaultrole'. It also unserializes user input in the process, which may lead to Object...
CVE-2023-38689 Deserialization of Untrusted Data in network IO
Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...
PT-2023-19848 · Ibm · Ibm B2B Advanced Communications +1
Name of the Vulnerable Software and Affected Versions: IBM B2B Advanced Communications version 1.0.0.0 IBM Multi-Enterprise Integration Gateway version 1.0.0.1 Description: The issue allows a user to cause a denial of service due to the deserializing of untrusted serialized Java objects...