Lucene search
+L

616 matches found

Veracode
Veracode
added 2022/02/17 4:39 a.m.23 views

Arbitrary Code Execution

cayenne-server is vulnerable to arbitrary code execution. An attacker with client access to Cayenne ROP can transmit a malicious payload to any weak third-party dependency on the server...

8.8CVSS3.7AI score0.02282EPSS
Exploits0References5Affected Software1
Kitploit
Kitploit
added 2022/02/13 8:30 p.m.25 views

Exrop - Automatic ROP Chain Generation

Exrop is automatic ROP chains generator tool which can build gadget chain automatically from given binary and constraints Requirements : Triton, ROPGadget Only support for x86-64 for now! Features: handling non-return gadgets jmp reg, call reg set registers rdi=0xxxxxx, rsi=0xxxxxx set register t...

7.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/02/12 12:0 a.m.22 views

Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8CVSS4.2AI score0.02282EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/12 12:0 a.m.18 views

GHSA-C58C-W527-H77P Deserialization of untrusted data in Apache Cayenne

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8CVSS8.9AI score0.02282EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/02/11 1:15 p.m.6 views

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8CVSS7.6AI score0.02282EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/02/11 1:15 p.m.30 views

CVE-2022-24289

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8CVSS0.02282EPSS
Exploits0References2
Prion
Prion
added 2022/02/11 1:15 p.m.20 views

Code injection

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

6.5CVSS8.9AI score0.02282EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/11 12:20 p.m.109 views

CVE-2022-24289

CVE-2022-24289 describes a deserialization vulnerability in the Hessian component of Apache Cayenne’s Remote Object Persistence (ROP) for Cayenne 4.1 and earlier when running on non-current Java patches. An attacker with client access to Cayenne ROP can send a malicious payload to vulnerable thir...

8.8CVSS8.9AI score0.02282EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/11 12:20 p.m.20 views

CVE-2022-24289 Deserialization of untrusted data in the Hessian Component of Apache Cayenne 4.1 with older Java versions

Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne's optional Remote Object Persistence ROP feature is a web services-based technology that provides object persistence and query functionality to 'remote' applications. In Apache Cayenne 4.1 and...

8.8CVSS7.5AI score0.02282EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2022/01/14 5:52 a.m.1142 views

Exploit for Out-of-bounds Write in Solarwinds Serv-U

Serv-U CVE-2021-35211 Exploit Potential for DoS - check yo...

10CVSS9.6AI score0.9116EPSS
Exploits2
0day.today
0day.today
added 2022/01/10 12:0 a.m.241 views

VUPlayer 2.49 - (.wax) Local Buffer Overflow (DEP Bypass) Exploit

Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Code Execution...

8.8CVSS8.9AI score0.48398EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/01/10 12:0 a.m.362 views

VUPlayer 2.49 - '.wax' Local Buffer Overflow (DEP Bypass)

Exploit Title: VUPlayer 2.49 - '.wax' Local Buffer Overflow DEP Bypass Date: 26/06/2021 Exploit Author: Bryan Leong Vendor Homepage: http://www.vuplayer.com/ Software Link: Null Version: VUPlayer 2.49 Tested on: Windows 7 x64 CVE : CVE-2009-0182 VUPlayer 2.49 Local Buffer Overflow to Arbitrary Co...

9.3CVSS8.8AI score0.48398EPSS
Exploits4
Kitploit
Kitploit
added 2021/11/26 8:30 p.m.30 views

ELFXtract - An Automated Analysis Tool Used For Enumerating ELF Binaries

ELFXtract is an automated analysis tool used for enumerating ELF binaries Powered by Radare2 and r2ghidra This is specially developed for PWN challenges and it has many automated features It almost displays every details of the ELF and also decompiles its ASM to C code using r2ghidra Decompiling...

7.7AI score
Exploits0References3
GithubExploit
GithubExploit
added 2021/11/07 4:15 p.m.977 views

Exploit for Use After Free in Microsoft

CVE-2021-40449 More info here: https://kristal-g.github.io/20...

7.8CVSS8.1AI score0.73381EPSS
Exploits11
OSV
OSV
added 2021/07/21 3:15 a.m.3 views

CVE-2021-1099

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...

7.8CVSS7.5AI score
Exploits0References1
NVD
NVD
added 2021/07/21 3:15 a.m.21 views

CVE-2021-1099

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...

7.8CVSS0.00218EPSS
Exploits0References1
Prion
Prion
added 2021/07/21 3:15 a.m.20 views

Stack overflow

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...

4.6CVSS7.5AI score0.00218EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/21 2:55 a.m.27 views

CVE-2021-1099

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...

7CVSS7.9AI score0.00218EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/20 12:0 a.m.5 views

Nvidia vGPU Software 缓冲区错误漏洞

Nvidia vGPU Software is a management software from Nvidia, USA for providing GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A buffer error...

7.8CVSS7.5AI score0.00218EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2021/06/21 12:0 a.m.434 views

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)

Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...

10CVSS9.8AI score0.79842EPSS
Exploits13
Rows per page
Query Builder