Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

NVD
NVDadded 2018/06/11 5:29 p.m.17 views

CVE-2017-3202

The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability...

9.8CVSS9.5AI score0.10592EPSS
Exploits2References4
CVE
CVEadded 2018/06/11 5:0 p.m.63 views

CVE-2017-3200

CVE-2017-3200 concerns GraniteDS’s AMF3 deserializers. The Java AMF3 implementation in GraniteDS 3.1.1.GA can instantiate arbitrary classes via public no-arg constructors and invoke JavaBeans setters during deserialization, enabling remote attackers to execute arbitrary code if affected classes a...

8.1CVSS8.2AI score0.1373EPSS
Exploits2References4Affected Software1
Atlassian
Atlassianadded 2008/10/01 3:31 a.m.30 views

Make XWork ParametersInterceptor safe from parameter injection attacks

The XWork ParametersInterceptor is a security nightmare as it gives user input submitted form parameters unfettered access to getter/setter methods on action objects. In addition, the interceptor has been shown in the past to be vulnerable to Unicode attacks. Rather than fight a constant and ofte...

3.1AI score
Exploits0Affected Software1
Rows per page
Query Builder