857 matches found
CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...
CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
CVE-2018-14718
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization...
CVE-2018-19362
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization...
PT-2019-1735 · Fasterxml +2 · Jackson-Databind +2
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.7 FasterXML jackson-databind version 2.8.11.3 and earlier FasterXML jackson-databind version 2.7.9.5 and earlier FasterXML jackson-databind version 2.6.7.3 and earlier Description: The issue ...
Threat Roundup for Nov. 23 to Nov. 30
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 23 and Nov. 30. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Threat Roundup for October 12 to October 19
Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Oct. 12 and 19. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes)
/ Shellcode Title: Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 gcc -o polyaddusershellcode -z execstack -fno-stack-protector polyaddusershellcode.c / / Disassembly of section...
Linux/x86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes)
/ Title: Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Author: Ray Doyle @doylersec Tested on: Linux/x86 gcc -o polyhostsshellcode -z execstack -fno-stack-protector polyhostsshellcode.c / / Disassembly of section .text: 08048060 : 8048060: 29 c9 sub ecx,ecx 8048062: 51 pus...
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes)
Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes). Shellcode exploit for Linuxx86 platform / Title: Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Date: 2018-09-13 Author: Ray Doyle @doylersec Tested on: Linux/x86 gcc -o...
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes)
Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes). Shellcode exploit for Linuxx86 platform / Shellcode Title: Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Date: 2018-09-13 Author: Ray Doyle @doylersec Homepage: https://www.doyler.net Tested on: Linux/x86 gcc...
Remote Code Execution Via JSON Deserialization
jodd-json is vulnerable to remote code execution via JSON deserialization. The JSON parser supports polymorphic deserialization when setClassMetadataName is set, which allows an attacker to execute arbitrary code using a crafted JSON request...
PT-2018-2765 · Fasterxml +2 · Jackson-Databind +2
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.0.0 through 2.9.6 FasterXML jackson-databind versions 2.8.0 through 2.8.11.2 FasterXML jackson-databind versions 2.7.0 through 2.7.9.4 Description: The issue is caused by the lack of protection of the...
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...
PhpSploit - Stealth Post-Exploitation Framework
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview The obfuscated...