4266 matches found

seebug.org
added 2017/04/19 12:0 a.m. | 119 views

Windows: ManagementObject Arbitrary .NET Serialization RCE (CVE-2017-0160)

Windows: ManagementObject Arbitrary .NET Serialization RCE. Platform: .NET 4.6, PowerShell 4. Tested between Server 2016 and Windows 10 Anniversary Edition. Class: Remote Code Execution. Summary: Accessing a compromised WMI server over DCOM using System.Management classes or the PowerShell...

CVSS 10 | AI score 8.3 | EPSS 0.23425
Exploits 11

OSV
added 2017/04/11 4:59 p.m. | 1 view

DEBIAN-CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

CVSS 7.5 | AI score 8.8 | EPSS 0.06165
Exploits 1 | References 1

Prion
added 2017/04/11 4:59 p.m. | 25 views

Out-of-bounds

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

CVSS 5 | AI score 6.3 | EPSS 0.07025
Exploits 2 | References 14 | Affected Software 3

Cvelist
added 2017/04/11 4:0 p.m. | 26 views

CVE-2016-4483

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627...

AI score 6.9 | EPSS 0.06165
Exploits 1 | References 14

CVE
added 2017/04/11 4:0 p.m. | 169 views

CVE-2016-4483

CVE-2016-4483 is a libxml2 serialization bug: xmlBufAttrSerializeTxtContent can trigger an out-of-bounds read when a non-UTF-8 attribute value is serialized, leading to a denial of service. Connected records note related follow-ons: CVE-2016-9598 (and CVE-2016-9596) describe DoS/out-of-bounds sce...

CVSS 7.5 | AI score 7.2 | EPSS 0.06165
Exploits 1 | References 14 | Affected Software 1

myhack58
added 2017/04/07 12:0 a.m. | 169 views

Java AMF3 deserialization vulnerability analysis - vulnerability warning - the black bar safety net

AMF (Action Message Format) is a binary serialization format that was previously used mainly by Flash applications. Recently, Code White found vulnerabilities in multiple Java AMF libraries, and these vulnerabilities will lead to unauthenticated remote code execution...

CVSS 5 | AI score 7.4 | EPSS 0.0954
Exploits 2

seebug.org
added 2017/03/21 12:0 a.m. | 58 views

GitLab permission leak vulnerability (CVE-2017-0882)

Information Disclosure in Issue and Merge Request Trackers: During an internal code review, a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to another user to...

CVSS 4 | AI score 6 | EPSS 0.01057
Exploits 2

Veracode
added 2017/03/14 6:17 a.m. | 32 views

Arbitrary Code Execution Via Serialization

QOS.ch Logback is vulnerable to arbitrary code execution via serialization. It is possible to write untrusted objects from the Logger, allowing arbitrary code execution...

CVSS 9.8 | AI score 9.6 | EPSS 0.07501
Exploits 0 | References 22 | Affected Software 224

OSV
added 2017/03/13 6:59 a.m. | 29 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 6.6
Exploits 0 | References 21

UbuntuCve
added 2017/03/13 6:59 a.m. | 46 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 6.8 | EPSS 0.07501
Exploits 0 | References 5

NVD
added 2017/03/13 6:59 a.m. | 24 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 9.5 | EPSS 0.07501
Exploits 0 | References 21

Prion
added 2017/03/13 6:59 a.m. | 22 views

Code injection

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 7.5 | AI score 9.2 | EPSS 0.07501
Exploits 0 | References 21 | Affected Software 3

OSV
added 2017/03/13 6:59 a.m. | 6 views

UBUNTU-CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 7.1 | EPSS 0.07501
Exploits 0 | References 6

OSV
added 2017/03/13 6:59 a.m. | 2 views

DEBIAN-CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 6.4 | EPSS 0.07501
Exploits 0 | References 1

Cvelist
added 2017/03/13 6:14 a.m. | 43 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

AI score 9.4 | EPSS 0.07501
Exploits 0 | References 21

Debian CVE
added 2017/03/13 6:14 a.m. | 41 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 7 | EPSS 0.07501
Exploits 0

CVE
added 2017/03/13 6:14 a.m. | 235 views

CVE-2017-5929

CVE-2017-5929 – Logback deserialization issue: QOS.ch Logback up to 1.2.0 contains a serialization vulnerability in the SocketServer and ServerSocketReceiver paths. The RemoteStreamAppenderClient, SocketNode, and related classes deserialize data from a Java Socket via ObjectInputStream without v...

CVSS 9.8 | AI score 9.2 | EPSS 0.07501
Exploits 0 | References 21 | Affected Software 1

GitLab Advisory Database
added 2017/03/13 12:0 a.m. | 31 views

Serialization vulnerability

A serialization vulnerability was found in the SocketServer and ServerSocketReceiver components...

CVSS 9.8 | AI score 4.3 | EPSS 0.07501
Exploits 0 | References 2 | Affected Software 1

Veracode
added 2017/03/10 5:17 a.m. | 18 views

Unauthorized Access Via User Impersonation

Apache NiFi is vulnerable to unauthorized access via user impersonation attacks. The vulnerability exists due to a possible injection attack in a cluster environment, in the proxy chain's serialization/deserialization. A malicious user can inject in their username to impersonate another user to...

CVSS 9.8 | AI score 9.3 | EPSS 0.03599
Exploits 0 | References 3 | Affected Software 1

Drupal
added 2017/03/08 12:0 a.m. | 13 views

Services - Highly Critical - Arbitrary Code Execution - SA-CONTRIB-2017-029

This module provides a standardized solution for building APIs so that external clients can communicate with Drupal. The module accepts user-submitted data in PHP's serialization format "Content-Type: application/vnd.php.serialized" which can lead to arbitrary remote code execution. This...

AI score 7.6
Exploits 0 | References 14