4269 matches found
EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or...
Deserialization of untrusted data
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15542
An issue in the ammonia crate for Rust (before 2.1.0) causes uncontrolled recursion during HTML DOM tree serialization in the affected component. The documents provide the vulnerability description but do not specify exploit vectors, practical impact beyond potential recursion, or concrete remedi...
NewStart CGSL MAIN 4.05 : java-1.8.0-openjdk Multiple Vulnerabilities (NS-SA-2019-0119)
The remote NewStart CGSL host, running version MAIN 4.05, has java-1.8.0-openjdk packages installed that are affected by multiple vulnerabilities: - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE:...
xstream code injection vulnerability
xstream is an open source Java class library , it can serialize objects into XML or deserialize XML into objects . . A code injection vulnerability exists in xstream. The vulnerability stems from a network system or product that does not properly filter special elements of externally entered data...
jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis
A vulnerability was discovered in jackson-databind where it would permit deserialization of a malicious object using MyBatis classes when using DefaultTyping. An attacker could use this flaw to achieve content exfiltration and possibly conduct further attacks...
WebERP 4.15 - SQL injection Exploit
Exploit for php platform in category web applications Exploit Title: Blind SQL injection in WebERP. Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unseriali...
Remote code execution
Sitecore Experience Platform XP prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object...
IBM Websphere Application Server Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Websphere Application Server Network Deployment Untrusted Data Deserialization Remote Code Execution', 'Description' = % This module exploits...
The original Java deserialization remote execution vulnerabilities so simple-vulnerability warning-the black bar safety net
Here we for Java deserialization issue caused remote code execution vulnerability principles are introduced. In order to simplify the description,without introducing a 3rd party library under the premise of the Operation, HOPE can serve to initiate the effect. There are 3 main parts: The Java...
PT-2019-17012 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 through 9.0 Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. Recommendations:...
UBUNTU-CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
Arbitrary file deletion
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
DEBIAN-CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...
CVE-2019-10912
In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...