EUVD-2019-6322

Malware in sbrugna...

GHSA-CRG9-44H2-XW35 Apache ActiveMQ is vulnerable to Remote Code Execution

Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users...

GHSA-V9MF-JGQ3-C28H Data Amplification in Play Framework

An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

CVE-2019-15321

CVE-2019-15321 applies to the WordPress plugin “Option Tree” prior to version 2.7.3, where an Object Injection vulnerability arises from mishandled serialized classes. The entry is documented across multiple sources (NVD description: “option-tree plugin before 2.7.3 for WordPress has Object Injec...

JBoss RichFaces 远程代码执行漏洞(CVE-2013-2165)

Bugtraq ID:61085 CVE ID:CVE-2013-2165 JBoss RichFaces是一个具 Ajax和JSF特性的Web框架 RichFaces ResourceBuilderImpl处理反序列化存在在安全漏洞，允许远程攻击者利用此漏洞发送特殊数据，执行部署在服务器上任意可序列化类中的反序列化方法 此漏洞所产生的影响其严重程序取决于这些类的反序列化逻辑 0 JBoss RichFaces 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息： https://rhn.redhat.com/errata/RHSA-2013-1041.html...