10 matches found
CVE-2025-60037
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which...
CVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data...
EUVD-2025-35856
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the target system...
CVE-2025-46183
The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the target system...
CVE-2025-46183
CVE-2025-46183 affects pgCodeKeeper 10.12.0; the vulnerability stems from the Utils.deserialize function handling serialized data from untrusted sources. A specially crafted .ser file may lead to unintended code execution or other malicious behavior on the target system, per Red Hat and other sou...
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database, related to deserialization mechanism flaws, allows a hacker to execute arbitrary code.
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database is related to deficiencies in the deserialization mechanism in the “deserialize” method of the “Utils” class. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially crafted file with t...
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The...
CVE-2016-9835
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file...
CVE-2016-9835
Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file...
commons-fileupload: Arbitrary file upload via deserialization
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...