105 matches found
CVE-2026-25551
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
CVE-2026-25551
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
CVE-2026-25551 Seagull Software BarTender Deserialization Privilege Escalation via .NET Remoting Service
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
PT-2026-46298
Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack...
Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework
CVE-2016-1000027-with-c...
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere_Managed_File_Transfer
Structure du projet cve-2023-0669-simulation/ ├── docker-comp...
EUVD-2021-14095
Malware in sbrugna...
Shiro_exploit
This is a Python script for exploiting Apache Shiro vulnerabilities. The script is designed to detect and exploit Shiro's deserialization vulnerability. Here's a breakdown of the script: Importing Libraries The script starts by importing various Python libraries, including os, re, base64, uuid,...
shiro-exploit
This is a Python script for exploiting a vulnerability in Apache Shiro, a Java-based security framework. The script is designed to bypass authentication and authorization checks in Shiro, allowing an attacker to gain unauthorized access to sensitive data. The script uses the Crypto.Cipher module ...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Tomcat CVE-2025-24813 playground ===============================...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813-PoC === CVE-2025-24813 affects Apache Tomcat - i...
Exploit for Code Injection in Apache Ofbiz
Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-20...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
Exploit for Server-Side Request Forgery in Apache Ofbiz
BadBizness Automatic exploitation scrip...
Exploit for Server-Side Request Forgery in Apache Ofbiz
CVE-2023-51467 Graphical Apache Ofbiz: CVE-2023-51467 – Remo...
Exploit for Code Injection in Apache Ofbiz
Apache OFBiz Authentication Bypass Vulnerability CVE-2023-514...
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For C...
Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE
Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution RCE. Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...
Jenkins CLI Deserialization of Untrusted Data vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...
GHSA-WFW7-6632-XCV2 Jenkins CLI Deserialization of Untrusted Data vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...