Lucene search
K

292 matches found

Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.5 views

PT-2024-31215 · WordPress · The 140+ Widgets

Name of the Vulnerable Software and Affected Versions: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress versions up to, and including, 1.4.3.1 Description: The issue allows authenticated attackers with contributor-level permissions and above to inject a PHP Object via...

8CVSS7AI score0.006EPSS
Exploits0References5
NVD
NVD
added 2024/05/15 5:15 p.m.42 views

CVE-2024-3967

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

9.8CVSS8AI score0.00635EPSS
Exploits0References1
CVE
CVE
added 2024/05/15 4:40 p.m.34 views

CVE-2024-3967

The CVE-2024-3967 entry concerns OpenText iManager 3.2.6.0200, where a vulnerability in unsafe Java object deserialization can lead to Remote Code Execution. Documented impact is High/CRITICAL per CVSS, with potential for execution without user interaction over NETWORK (NVD metrics) and adjacent ...

9.8CVSS7.9AI score0.00635EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/15 4:40 p.m.16 views

CVE-2024-3967 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

7.6CVSS8AI score0.00635EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/15 4:40 p.m.44 views

CVE-2024-3967 Remote Code Execution vulnerability in the iManager

Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization...

7.6CVSS8.2AI score0.00635EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.9 views

PT-2024-28609 · Opentext · Opentext Imanager

Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: A remote code execution issue has been discovered, which can trigger remote code execution using unsafe Java object deserialization. Recommendations: For OpenText iManager version 3.2.6.0200, ...

9.8CVSS8AI score0.00635EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.33 views

RHEL 7 : xmlrpc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xmlrpc: XML external entity vulnerability SSRF via a crafted DTD CVE-2016-5002 - xmlrpc: Deserialization ...

7.4AI score0.14876EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.24 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:3729)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3729 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.5AI score0.10715EPSS
Exploits0References33
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.19 views

RHEL 6 / 7 : rh-ruby22-ruby (RHSA-2018:0583)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0583 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.7AI score0.73927EPSS
Exploits14References28
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.34 views

RHEL 6 / 7 : rh-ruby23-ruby (RHSA-2018:0585)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0585 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.7AI score0.73927EPSS
Exploits14References25
GithubExploit
GithubExploit
added 2024/04/19 4:18 p.m.335 views

Exploit for Deserialization of Untrusted Data in Torrentpier

CVE-2024-1651 This CVE was discovered by Carlos Bello from the...

10CVSS9.6AI score0.33997EPSS
Exploits3
Veracode
Veracode
added 2024/04/02 6:0 a.m.47 views

Remote Code Execution (RCE)

jenkins-core is vulnerable to Remote Code Execution. The vulnerability is due to unsafe deserialization of Java objects. This flaw allows attackers to execute arbitrary code via a crafted serialized Java object, which could trigger an LDAP query to a third-party server...

9.8CVSS7.8AI score0.96943EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2024/03/21 2:52 a.m.5 views

CVE-2024-2054

The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user...

9.8CVSS6.3AI score0.8126EPSS
Exploits9References2
Veracode
Veracode
added 2024/03/08 5:54 a.m.14 views

Insecure Deserialization

nGrinder is vulnerable to Insecure Deserialization. The vulnerability is caused due to a lack of proper input filtering during Java object deserialization within Connector.java. Specifically, unauthenticated users could submit serialized Java objects, leading to the potential execution of arbitra...

9.8CVSS7AI score0.01199EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/07 5:15 a.m.50 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

9.8CVSS7.8AI score0.01199EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2024/02/23 11:4 a.m.376 views

Exploit for Deserialization of Untrusted Data in Torrentpier

CVE-2024-1651 This CVE was discovered by Carlos Bello from the...

10CVSS9.6AI score0.33997EPSS
Exploits3
NVD
NVD
added 2024/01/22 6:15 a.m.18 views

CVE-2017-20189

In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...

9.8CVSS9.6AI score0.01321EPSS
Exploits1References6
wpexploit
wpexploit
added 2023/12/13 12:0 a.m.333 views

Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update

Description The plugin does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'userscanregister' and 'defaultrole'. It also unserializes user input in the process, which may lead to Object...

8.8CVSS8.9AI score0.0056EPSS
Exploits1
Cvelist
Cvelist
added 2023/08/04 4:21 p.m.36 views

CVE-2023-38689 Deserialization of Untrusted Data in network IO

Logistics Pipes is a modification a.k.a. mod for the computer game Minecraft Java Edition. The mod used Java's ObjectInputStreamreadObject on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packet...

8.1CVSS9.9AI score0.01211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/31 12:0 a.m.6 views

PT-2023-19848 · Ibm · Ibm B2B Advanced Communications +1

Name of the Vulnerable Software and Affected Versions: IBM B2B Advanced Communications version 1.0.0.0 IBM Multi-Enterprise Integration Gateway version 1.0.0.1 Description: The issue allows a user to cause a denial of service due to the deserializing of untrusted serialized Java objects...

7.5CVSS6.5AI score0.00704EPSS
Exploits0References5
Rows per page
Query Builder