7696 matches found

OSV
added 2018/11/06 7:29 p.m. · 5 views

CVE-2018-16472

A prototype pollution attack in cached-path-relative versions =1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype chain causing a DoS attack...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 2
RedHat Linux
added 2018/11/06 7:5 p.m. · 0 views

RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8 CVSS · 7.7 AI score · 0.89462 EPSS
Exploits 6 · References 5
RedHat Linux
added 2018/11/06 6:53 p.m. · 0 views

RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...

9.8 CVSS · 7.7 AI score · 0.89462 EPSS
Exploits 6 · References 5
ATTACKERKB
added 2018/11/06 12:0 a.m. · 25 views

CVE-2018-14667

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. Recen...

9.8 CVSS · 8.3 AI score · 0.89462 EPSS
In wild · Exploits 6 · References 9
Tenable Nessus
added 2018/11/05 12:0 a.m. · 31 views

Drupal 7.x < 7.56 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - A flaw exists in the PECL YAML parser due to unsafe handling of PHP objects during certain operations. An unauthenticated, remote attacker can exploit this to execute arbitra...

9.8 CVSS · 7.5 AI score · 0.66148 EPSS
Exploits 7 · References 5
Cvelist
added 2018/10/29 10:0 p.m. · 22 views

CVE-2018-17623

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 AI score · 0.00567 EPSS
Exploits 0 · References 2
CVE
added 2018/10/29 10:0 p.m. · 55 views

CVE-2018-17624

Foxit Reader (v9.1.0.5096) contains a remote code execution vulnerability in the handling of OCG objects due to a lack of validating the existence of an object before performing operations. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). An attacker...

8.8 CVSS · 7.8 AI score · 0.00567 EPSS
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2018/10/29 10:0 p.m. · 30 views

CVE-2018-17624

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 AI score · 0.00567 EPSS
Exploits 0 · References 2
OSV
added 2018/10/29 9:29 p.m. · 1 views

CVE-2018-17624

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS · 6.2 AI score · 0.00567 EPSS
Exploits 0 · References 2
NVD
added 2018/10/29 9:29 p.m. · 24 views

CVE-2018-17624

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

8.8 CVSS · 8.8 AI score · 0.00567 EPSS
Exploits 0 · References 2
Prion
added 2018/10/29 9:29 p.m. · 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS · 8.8 AI score · 0.00567 EPSS
Exploits 0 · References 2 · Affected Software 2
Prion
added 2018/10/29 9:29 p.m. · 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS · 8.8 AI score · 0.00567 EPSS
Exploits 0 · References 2 · Affected Software 2
VulnCheck KEV
added 2018/10/29 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2018-8611

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...

7.8 CVSS · 7.3 AI score · 0.16358 EPSS
Exploits 0 · References 1
Prion
added 2018/10/24 9:29 p.m. · 15 views

Remote code execution

DISPUTED Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution...

7.2 CVSS · 8 AI score · 0.00241 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2018/10/24 12:0 a.m. · 3 views

PT-2018-14320 · Citrix · Xen Mobile

Name of the Vulnerable Software and Affected Versions: Xen Mobile versions prior to 10.8.0 Description: The issue arises from a service listening on port 5001 within the firewall of Xen Mobile, which accepts unauthenticated input. This service deserializes raw serialized Java objects into Java...

7.8 CVSS · 8 AI score · 0.00241 EPSS
Exploits 1 · References 3
Metasploit
added 2018/10/19 11:15 p.m. · 99 views

Windows unmarshal post exploitation

This module exploits a local privilege escalation bug which exists in Microsoft COM for Windows when it fails to properly handle serialized objects. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

8.8 CVSS · 7.5 AI score · 0.91514 EPSS
Exploits 6
Node.js
added 2018/10/17 11:4 p.m. · 15 views

Prototype Pollution

Overview All versions of merge-objects are vulnerable to Prototype Pollution. Recommendation No fix is available for this vulnerability at this time. It is our recommendation to use an alternative package. References - HackerOne Report - GitHub Advisory...

6.8 AI score
Exploits 0 · Affected Software 1
OSV
added 2018/10/17 3:44 p.m. · 0 views

GHSA-J8G6-2WH7-6439 Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS · 7.5 AI score · 0.07049 EPSS
Exploits 2 · References 12
Github Security Blog
added 2018/10/17 3:44 p.m. · 54 views

Apache Tika allows Java code execution for serialized objects embedded in MATLAB files

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS · 4.2 AI score · 0.07049 EPSS
Exploits 2 · References 11 · Affected Software 1
CNVD
added 2018/10/17 12:0 a.m. · 1 views

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-25202)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of dataObjects in Foxit Reader 9.2.0.9297 and earlier versions and Foxit...

8.8 CVSS · 8.7 AI score · 0.00424 EPSS
Exploits 0 · References 1