457 matches found
CVE-2024-34274
OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclientspot of the OpenBD software use serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer...
VulnCheck KEV: CVE-2016-4326
The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie...
GPT Academic Code Execution Vulnerability
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a code execution vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by an...
GPT Academic Security Vulnerability
GPT Academic is an interface that provides practical interactions for large language models (LLMs) such as GPT/GLM. GPT Academic suffers from a code execution vulnerability that arises from unsafe deserialization of serialized data received by an application from a user, which can be exploited by an...
EyouCMS Code Issue Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability that stems from unsafe deserialization of the channelid parameter of the file /login.php when receiving user-submitted serialized data...
Serialized Data Detected
Serialization is the process of converting an object to a stream of bytes in order to store it or send it over the network. Conversely, deserialization is the process of reconstructing an object from this stream of bytes. Web applications often use serialized data transmitted from the client...
PHPEMS Code Issue Vulnerability
PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing in lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...
Apache Submarine Deserialization Vulnerability
Apache Submarine is a cloud-native machine learning platform from the US-based Apache Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by a...
Apache UIMA Deserialization Vulnerability
Apache UIMA is a componentized software architecture from the US-based Apache Foundation, used to analyze large volumes of unstructured information associated with end users. Apache UIMA versions before 3.5.0 have a deserialization vulnerability; the vulnerability stems from the...
emlog Code Issue Vulnerability
emlog is a PHP and MySQL based CMS builder for emlog personal developers. emlog pro v2.1.15 and earlier versions have a deserialization vulnerability that stems from the application's insecure deserialization processing when receiving user-submitted serialized data, a...
CVE-2023-39945 Malformed serialized data in a data submessage leads to unhandled exception
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to the PDP port raises an unhandled BadParamException in fastcdr, which in turn crashes fastdds. Versions 2.11.0,...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a deserialization vulnerability that arises from unsafe deserialization of...
The vulnerability in the web-based interface for managing the ArcServe UDP data protection software allows a perpetrator to escalate their privileges and execute arbitrary code.
The vulnerability of the web interface for managing the ArcServe UDP data protection software is related to errors in processing serialized data. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code by sending a specially crafted HTTP reque...
Privilege Escalation
Overview: Affected versions of this package are vulnerable to Privilege Escalation. A vulnerability exists in .NET when deserializing a DataSet or DataTable from XML which may result in elevation of privileges. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-arm64 to version 6.0.18, 7.0.7 ...
PT-2023-9021
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x through 5.7.7; Spring Security versions 5.8.x through 5.8.2; Spring Security versions 6.0.x through 6.0.2. Description: The issue is related to the logout support not properly cleaning the security context if using...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from the US company Adobe. The platform includes an integrated development environment and scripting language. A deserialization vulnerability exists in Adobe ColdFusion. The vulnerability arises from insecure...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Proof of Concept for Log4j CVE-2021-44228 Disclaimer Th...
K29691966: PHP vulnerability CVE-2016-5773
Security Advisory Description: php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service...
K30363030: PHP vulnerability CVE-2016-5771
Security Advisory Description: spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and...
K48414132: PHP SOAP vulnerability CVE-2015-8835
Security Advisory Description: The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and...