Authentication flaw

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

Delta Electronics InfraSuite Device Master 代码问题漏洞

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A deserialization vulnerability in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 can be exploited by an attacker to deserialize a request prio...