83 matches found
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) arises from the possibility of retrieving data from external sources without sufficient verification. This allows attackers to execute arbitrary code.
The vulnerability of the Apache XML-RPC library exists due to the retrieval of data from an external source without sufficient verification. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted serializable Java object, with the use of the...
CVE-2016-6527
The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
CVE-2016-6527
The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
CVE-2016-6526
The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
CVE-2016-6526
The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
CVE-2016-6527
The SmartCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
CVE-2016-6526
The SpamCall Activity component in Telecom application on Samsung Note device L5.0/5.1 and M6.0 allows attackers to cause a denial of service crash and reboot or possibly gain privileges via a malformed serializable object...
Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net
Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...
PT-2016-3244 · Apache +2 · Apache Xml-Rpc Library +2
Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. This is due to the library's failure to properly verify data from external...
PHP interpreter vulnerabilities that allow attackers to execute arbitrary code
Multiple vulnerabilities in the PHP interpreter are related to the use of memory after it is freed. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code by interacting with the Serializable interface, the SplObjectStorage class, and the SplDoublyLinkedList class...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...
CVE-2015-6834
Summary: CVE-2015-6834 (and related CVEs 2015-6835, 2015-6836, 2015-6837/6838) are PHP unserialize-related use-after-free and type-confusion vulnerabilities. They affect PHP priors to 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, enabling remote code execution via crafted serialized data ...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely. Affect...
PHP unserialize() Use-After-Free Vulnerabilities
Exploit for php platform in category dos / poc Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory...
PHP 5.45.55.6 - Unserialize() Use-After-Free
PHP 5.45.55.6 - Unserialize Use-After-Free Use After Free Vulnerabilities in unserialize Taoguang Chen Write Date: 2015.7.31 Release Date: 2015.9.4 Multiple use-after-free vulnerabilities were discovered in unserialize with Serializable class that can be abused for leaking arbitrary memory blocks...
UBUNTU-CVE-2015-6834
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to 1 the Serializable interface, 2 the SplObjectStorage class, and 3 the SplDoublyLinkedList class, which are mishandled...
CVE-2015-6832
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/splarray.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field...
JDK: unspecified sandbox bypass (ORB)
The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block...
Design/Logic Flaw
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...