Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-59287-WSUS powershell version of hawktrace POC exploi...

Exploit for CVE-2025-59287

CVE-2025-59287 WSUS RCE Exploit Automated exploit for Windows...

GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Vulnerability

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE : CVE-2023-34634 GreenSho...

Exploit for SQL Injection in Progress Moveit_Cloud

CVE-2023-34362 POC for CVE-2023-34362 affecting MOVEit Transfe...

8x8: Remote Code Execution on ██.8x8.com via .NET VSTATE Deserialization

@0daystolive reported to us a flaw in a 3rd party community platform, which could be exploited to achieve RCE. We swiftly relayed this to the vendor and their engineering team turned off the affected code, which resolved the issue. For more details about this vulnerability read:...

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability Recent assessments: zeroSteiner at June 09, 2021 3:31pm UTC reported: The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user-supplied data. This can be leveraged by an attacker to leak sensitive information in...

CVE-2021-28482

Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483. Recent assessments: zeroSteiner at June 03, 2021 1:07pm UTC reported: This vulnerability is a deserialization flaw in Exchange’s...

Exploit for Improper Authentication in Microsoft

CVE-2020-0688 Microsoft Exchange Server Fixed Cryptographic Ke...

DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...

Sitecore 8.x - Deserialization Remote Code Execution

Sitecore 8.x - Deserialization Remote Code Execution Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...

Sitecore 8.x Deserialization Remote Code Execution

Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...

Sitecore 8.x - Deserialization Remote Code Execution

Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...

Sitecore 8.x - Deserialization Remote Code Execution Vulnerability

Exploit for asp platform in category web applications Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads:...

如何针对使用HTTP的.NET Remoting finding and using deserialization vulnerability-vulnerability warning-the black bar safety net

One, overview In the NCC Group and most recent safety assessment, 我发现了一个.NET v2. 0 app, 该应用程序使用.NET Remoting by HTTP to send the SOAP request to the other server to communicate. In the application of the anti-compiled, I realized that the server has TypeFilterLevel is set to Full, this is very...

Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager EPV solutions help organizations...

CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution Vulnerabili

The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected...

CyberArk Password Vault Web Access &lt; 9.9.5 / &lt; 9.10 / 10.1 - Remote Code Execution

Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web...

CyberArk Password Vault Web Access Remote Code Execution

Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web...