Lucene search
155 matches found

CVE
added 2015/12/21 2:0 a.m., 96 views

CVE-2015-6934

This CVE (CVE-2015-6934) concerns insecure deserialization in VMware software: VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager 7.x. The root cause is unsafe/deserialization of crafted Java objec...

CVSS 7.5, AI score 7.4, EPSS 0.01776
Exploits: 1, References: 2, Affected Software: 2
NVD
added 2015/11/25 8:59 p.m., 18 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

CVSS 9.8, AI score 9.6, EPSS 0.86333
Exploits: 12, References: 12
UbuntuCve
added 2015/11/25 8:59 p.m., 72 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

CVSS 9.8, AI score 7.6, EPSS 0.86333
Exploits: 12, References: 2
Cvelist
added 2015/11/25 8:0 p.m., 29 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

AI score 9.5, EPSS 0.86333
Exploits: 12, References: 12
Saint
added 2015/11/20 12:0 a.m., 135 views

Oracle WebLogic Apache Commons library deserialization vulnerability

Added: 11/20/2015 CVE: CVE-2015-4852 BID: 77539 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem A vulnerability in the Apache Commons library used by Oracl...

CVSS 7.5, AI score 8, EPSS 0.92947
Exploits: 16
CNVD
added 2015/11/19 12:0 a.m., 3 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server is an Oracle application server for cloud and legacy environments that provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application deployment and management. WLS...

CVSS 9.8, AI score 9.4, EPSS 0.92947
Exploits: 16, References: 1
NVD
added 2015/11/18 3:59 p.m., 76 views

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

CVSS 9.8, AI score 9.4, EPSS 0.92947
Exploits: 16, References: 16
Prion
added 2015/11/18 3:59 p.m., 55 views

Code injection

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

CVSS 7.5, AI score 7.5, EPSS 0.92947
Exploits: 16, References: 15, Affected Software: 3
Vulnrichment
added 2015/11/18 3:0 p.m., 15 views

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

AI score 9.4, EPSS 0.92947
Exploits: 16, References: 15
CVE
added 2015/11/18 3:0 p.m., 2052 views

CVE-2015-4852

CVE-2015-4852 describes a remote code execution in Oracle WebLogic Server via deserialization of untrusted data in the WLS Security component. A crafted serialized Java object (via Apache Commons Collections) in T3 protocol traffic to TCP port 7001 can execute arbitrary commands. Affected version...

CVSS 9.8, AI score 8.4, EPSS 0.92947
In wild, Exploits: 16, References: 16, Affected Software: 1
ATTACKERKB
added 2015/11/18 12:0 a.m., 373 views

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

CVSS 9.8, AI score 8.6, EPSS 0.92947
In wild, Exploits: 16, References: 18
NVD
added 2015/04/08 1:59 a.m., 9 views

CVE-2015-2828

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...

CVSS 9, AI score 6.2, EPSS 0.00534
Exploits: 0, References: 4
Prion
added 2015/04/08 1:59 a.m., 14 views

Code injection

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...

CVSS 9, AI score 6.7, EPSS 0.00534
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2015/04/08 1:0 a.m., 16 views

CVE-2015-2828

CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...

AI score 6.2, EPSS 0.00534
Exploits: 0, References: 4
myhack58
added 2015/04/01 12:0 a.m., 226 views

JBoss JMXInvokerServlet JMXInvoker 0.3 remote command execution vulnerability-vulnerability warning-the black bar safety net

JBoss JMXInvokerServlet Remote Command Execution, JMXInvoker.java v0.3 - Luca Carettoni @ikki. This code exploits a common misconfiguration in the JBoss Application Server 4.x, 5.x, .... Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation"...

AI score 0.2
Exploits: 0