4276 matches found
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
CVE-2024-6923
There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized...
Ubuntu 14.04 LTS : Apache Commons Collections vulnerability (USN-6936-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6936-1 advisory. It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to...
Python 安全漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from a failure of the email module to properly reference line...
USN-6936-1: Apache Commons Collections vulnerability
It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...
USN-6936-1 libcommons-collections3-java vulnerability
It was discovered that Apache Commons Collections allowed serialization support for unsafe classes by default. A remote attacker could possibly use this issue to execute arbitrary code...
CVE-2024-39673
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-39673
Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
PT-2024-28613 · Iaware · Iaware
Name of the Vulnerable Software and Affected Versions: iAware module affected versions not specified Description: The issue is related to a serialisation/deserialisation mismatch in the iAware module. Successful exploitation of this issue may affect service confidentiality. Recommendations: At th...
CVE-2024-5625
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
CVE-2024-5625
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
CVE-2024-5625 XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1...
Atlassian Jira Service Management Data Center and Server < 5.4.18 / 5.5.x < 5.8.0 / 5.12.0 (JSDSERVER-15436)
The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-15436 advisory. - XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote...
PT-2024-36773 · Unknown · Apinizer Management Console
Name of the Vulnerable Software and Affected Versions: Apinizer Management Console versions prior to 2024.05.1 Description: The issue is related to an Improper Restriction of XML External Entity Reference, which allows Data Serialization External Entities Blowup. Recommendations: For versions pri...
Remote Code Execution (RCE)
torrentpier/torrentpier is vulnerable to Remote Code Execution RCE. The vulnerability is due to the unsafe handling of user-controlled data specifically cookies within the gettracks function in torrentpier/library/includes/functions.php, where unsafe usage of PHP's native serialization format...
CVE-2024-40624
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...
CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...
CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...
GHSA-FG86-4C2R-7WXW TorrentPier Deserialization of Untrusted Data vulnerability
Summary In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.phpL41-L60 PoC One can use...