Lucene search
K

83 matches found

BDU FSTEC
BDU FSTEC
added 2018/02/02 12:0 a.m.4 views

The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.

The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...

9.8CVSS8.2AI score0.14876EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2017/01/18 5:59 p.m.2 views

CVE-2016-6527

The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

7.8CVSS5.8AI score0.01491EPSS
Exploits0References3
NVD
NVD
added 2017/01/18 5:59 p.m.16 views

CVE-2016-6527

The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

9.3CVSS7.8AI score0.01491EPSS
Exploits0References3
NVD
NVD
added 2017/01/18 5:59 p.m.20 views

CVE-2016-6526

The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

9.3CVSS7.8AI score0.01491EPSS
Exploits0References3
OSV
OSV
added 2017/01/18 5:59 p.m.3 views

CVE-2016-6526

The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

7.8CVSS5.8AI score0.01491EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/01/18 5:0 p.m.21 views

CVE-2016-6527

The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

7.8AI score0.01491EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/01/18 5:0 p.m.27 views

CVE-2016-6526

The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...

7.8AI score0.01491EPSS
Exploits0References3
myhack58
myhack58
added 2016/10/11 12:0 a.m.93 views

Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net

Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...

0.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2016/07/12 12:0 a.m.4 views

PT-2016-3244 · Apache +2 · Apache Xml-Rpc Library +2

Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. This is due to the library's failure to properly verify data from external...

9.8CVSS9.7AI score0.14876EPSS
Exploits1References44
BDU FSTEC
BDU FSTEC
added 2016/06/01 12:0 a.m.9 views

PHP interpreter vulnerabilities that allow attackers to execute arbitrary code

Multiple vulnerabilities in the PHP interpreter are related to the use of memory after it is freed. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code by interacting with the Serializable interface, the SplObjectStorage class, and the SplDoublyLinkedList class...

7.5CVSS8.1AI score0.46801EPSS
Exploits4References7Affected Software1
Prion
Prion
added 2016/05/16 10:59 a.m.45 views

Design/Logic Flaw

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...

7.5CVSS8.3AI score0.46801EPSS
Exploits4References8Affected Software1
CVE
CVE
added 2016/05/16 10:0 a.m.337 views

CVE-2015-6834

Summary: CVE-2015-6834 (and related CVEs 2015-6835, 2015-6836, 2015-6837/6838) are PHP unserialize-related use-after-free and type-confusion vulnerabilities. They affect PHP priors to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, enabling remote code execution via crafted serialized data ...

9.8CVSS8.7AI score0.46801EPSS
Exploits4References8Affected Software1
RedHat Linux
RedHat Linux
added 2016/04/29 5:50 p.m.8 views

JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

9.3CVSS7.8AI score0.06028EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2015/09/09 12:0 a.m.28 views

PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free

Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/09/09 12:0 a.m.18 views

PHP unserialize() Use-After-Free Vulnerabilities

Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...

7AI score
Exploits0
exploitpack
exploitpack
added 2015/09/09 12:0 a.m.15 views

PHP 5.45.55.6 - Unserialize() Use-After-Free

PHP 5.45.55.6 - Unserialize Use-After-Free Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks...

0.1AI score
Exploits0
OSV
OSV
added 2015/09/09 12:0 a.m.8 views

UBUNTU-CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...

9.8CVSS7.5AI score0.46801EPSS
Exploits4References4
UbuntuCve
UbuntuCve
added 2015/08/27 12:0 a.m.47 views

CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/splarray.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...

7.5CVSS7.6AI score0.05153EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/11/07 4:47 p.m.5 views

JDK: unspecified sandbox bypass (ORB)

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block...

9.3CVSS7.2AI score0.06028EPSS
Exploits0References4
Prion
Prion
added 2009/04/27 10:30 p.m.30 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5CVSS7.2AI score0.02796EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder