293 matches found
CVE-2020-10740
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...
CVE-2020-10740
CVE-2020-10740 affects WildFly (Enterprise Java Beans) with a remote deserialization vulnerability caused by insufficient validation/filtering in WildFly prior to 20.0.0.Final. The issue is referenced in Red Hat/JBoss advisories (e.g., RHSA-2025:9582) as a fixed item for WildFly/EAP 7.x deploymen...
PT-2020-12305 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 20.0.0.Final Description: A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in Wildfly. This issue allows for a potential attack...
CVE-2020-10740
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly. Recent assessments: space-r7 at July 17, 2020 2:11pm UTC reported: Versions o...
CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center IMC PLAT version 7.2 E0403P06 was found...
CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center IMC PLAT version 7.2 E0403P06 was found...
CVE-2017-5790
A remote deserialization of untrusted data vulnerability in HPE Intelligent Management Center IMC PLAT version 7.2 E0403P06 was found...
CVE-2017-5790
CVE-2017-5790 is a remote deserialization vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.2 E0403P06 . The flaw exists in the accessMgrServlet and allows unauthenticated remote code execution by deserializing untrusted data. Multiple sources (ZDI-17-166, CNVD-2017-02625, NVD entry...
OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430)
It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger...
apache-commons-collections: InvokerTransformer code execution during deserialisation
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections...
UBUNTU-CVE-2013-2225
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...
Mac OS X Java applet Remote Deserialization Remote PoC (updated)
No description provided by source. Critical Mac OS X Java Vulnerabilities Introduction Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun. CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions...
Apple Mac OSX - Java applet Remote Deserialization Remote (2)
Critical Mac OS X Java Vulnerabilities Introduction Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun. CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions of the executing user. This may...