JetBrains TeamCity up to 2019.1.3 Java Deserialization Code Execution
November 3rd, 2019 📆 | 6523 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.3 $0-$5k A vulnerability was found in JetBrains TeamCity up to 2019.1.3.
Browsing the "deserialization" Tag
Tagged with: deserialization • execution • jetbrains • teamcity
Liferay Portal CE 6.2.5 JSON Payload Deserialization privilege escalation
October 6th, 2019 📆 | 7884 Views ⚑
A vulnerability was found in Liferay Portal CE 6.2.5 and classified as critical. Affected by this issue is an unknown
Tagged with: deserialization • escalation • liferay • payload • portal • privilege
Codehaus 1.9.x Deserialization privilege escalation
October 3rd, 2019 📆 | 7860 Views ⚑
A vulnerability was found in Codehaus 1.9.x. It has been rated as critical. Affected by this issue is an unknown
Tagged with: codehaus • deserialization • escalation • privilege
inoERP up to 4.15 Deserialization download.php sql injection
September 27th, 2019 📆 | 6140 Views ⚑
A vulnerability, which was classified as critical, was found in inoERP up to 4.15. Affected is an unknown function of
Tagged with: deserialization • download • injection • inoerp
Micro Focus Service Manager up to 9.62 Deserialization unknown vulnerability
September 19th, 2019 📆 | 4294 Views ⚑
A vulnerability was found in Micro Focus Service Manager up to 9.62. It has been classified as critical. This affects
Tagged with: deserialization • focus • manager • micro • service • unknown • vulnerability
New Java Vulnerabilities? Deserialization, Botnet Cannibalism, & Updates
September 13th, 2019 📆 | 5362 Views ⚑
Java is the programming language that is considered a favorite for both ethical and illegal hacking, according to Mehedi Hasan of
Tagged with: botnet • cannibalism • deserialization • updates • vulnerabilities
eFront LMS 5.2.12 Deserialization Web Request PHP Code Execution privilege escalation
September 6th, 2019 📆 | 7813 Views ⚑
A vulnerability was found in eFront LMS 5.2.12. It has been classified as critical. Affected is an unknown functionality of
Tagged with: deserialization • efront • escalation • execution • privilege • request
Apache Tapestry 5.3.6 HMAC Verification Deserialization unknown vulnerability
September 3rd, 2019 📆 | 8286 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.1 $5k-$25k A vulnerability was found in Apache Tapestry 5.3.6. It has
Tagged with: apache • deserialization • tapestry • unknown • verification • vulnerability
formidable Plugin up to 4.02.00 on WordPress Deserialization unknown vulnerability
August 30th, 2019 📆 | 2126 Views ⚑
A vulnerability, which was classified as problematic, was found in formidable Plugin up to 4.02.00 on WordPress (WordPress Plugin). Upgrading
Tagged with: deserialization • formidable • plugin • unknown • vulnerability • wordpress
option-tree Plugin up to 2.7.2 on WordPress Deserialization privilege escalation
August 23rd, 2019 📆 | 7621 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.3 $0-$5k A vulnerability classified as critical was found in option-tree Plugin
Tagged with: deserialization • escalation • option • plugin • privilege • wordpress
NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects
July 30th, 2019 📆 | 5788 Views ⚑
The class _NSDataFileBackedFuture can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that
Tagged with: allows • backed • deserialization • nsdata • nskeyedunarchiver • objects
NSArray Deserialization can Invoke Subclass that does not Retain References
July 30th, 2019 📆 | 2671 Views ⚑
When deserializing a class with initWithCoder, subclasses of that class can also be deserialized so long as they do not
Tagged with: deserialization • invoke • nsarray • references • retain • subclass
Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
July 27th, 2019 📆 | 8031 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.5 $5k-$25k A vulnerability was found in Apache Storm up to 1.2.2.
Tagged with: apache • daemon • deserialization • escalation • privilege • storm
serde_yaml 0.6.0/0.8.3 Deserialization YAML File Recursion denial of service
July 25th, 2019 📆 | 1758 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 3.4 $0-$5k A vulnerability was found in serde_yaml 0.6.0/0.8.3. It has been
Tagged with: denial • deserialization • recursion • serde • service
TYPO3 up to 8.7.26/9.5.7 Deserialization privilege escalation
July 10th, 2019 📆 | 2311 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.5 $5k-$25k A vulnerability was found in TYPO3 up to 8.7.26/9.5.7 (Content
Tagged with: deserialization • escalation • privilege • typo3
EthereumJ 1.8.2 Deserialization mine/Ethash.java ois.readObject privilege escalation
June 21st, 2019 📆 | 2297 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 9.8 $0-$5k A vulnerability, which was classified as very critical, has been
Tagged with: deserialization • escalation • ethash • ethereumj • privilege • readobject
Oracle Patches Another Remote Code Execution Flaw in WebLogic
June 19th, 2019 📆 | 4227 Views ⚑
Oracle on Tuesday announced that it has released emergency patches for a critical remote code execution vulnerability affecting WebLogic Server,
Tagged with: another • CVE-2019-2725 • CVE-2019-2729 • deserialization • execution • oracle • out-of-band patch • patches • remote • remote code execution vulnerability • weblogic
Sitecore 8.x – Deserialization Remote Code Execution
June 16th, 2019 📆 | 4427 Views ⚑
# Exploit Title: Sitecore v 8.x Deserialization RCE # Date: Reported to vendor October 2018, fix released April 2019. #
Tagged with: deserialization • execution • remote • sitecore
Shopware up to 5.6.x Deserialization createInstanceFromNamedArguments Web Request Remote Code Execution
June 14th, 2019 📆 | 3802 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 6.3 $0-$5k A vulnerability, which was classified as critical, was found in
Tagged with: createinstancefromnamedarguments • deserialization • execution • remote • request • shopware
Parso up to 0.4.0 Grammar Parser Deserialization privilege escalation
June 8th, 2019 📆 | 7181 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 5.5 $0-$5k A vulnerability was found in Parso up to 0.4.0 and
Tagged with: deserialization • escalation • grammar • parser • parso • privilege
IBM Websphere Application Server – Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)
June 7th, 2019 📆 | 5174 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule 'IBM Websphere Application Server Network Deployment
Tagged with: application • deployment • deserialization • network • server • untrusted • websphere
Sitecore Experience Platform up to 9.1.0 Deserialization OS Command Injection privilege escalation
June 7th, 2019 📆 | 1901 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 6.0 $0-$5k A vulnerability was found in Sitecore Experience Platform up to
Tagged with: command • deserialization • experience • injection • platform • privilege • sitecore
Godot up to 3.1 Deserialization Remote Code Execution
June 1st, 2019 📆 | 5534 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 6.3 $0-$5k A vulnerability, which was classified as critical, was found in
Tagged with: deserialization • execution • godot • remote
Sitecore CMS/XP Sitecore.Security.AntiCSRF __CSRFTOKEN Deserialization privilege escalation
June 1st, 2019 📆 | 6791 Views ⚑
CVSS Meta Temp Score Current Exploit Price (≈) 7.3 $0-$5k A vulnerability was found in Sitecore CMS and XP (unknown
Tagged with: anticsrf • csrftoken • deserialization • privilege • security • sitecore
12
-
-
Popular
Discord Turned Into an Info-Stealing Backdoor by New Malware October 24, 2019 A new malware is targeting Discord users by modifying the Windows…
Marriott hotel chain hacked again; customers’… November 7, 2019 Marriott International hotel chain has alerted its customers about a…
He Thought His Phone Was Secure; Then He Lost $24… November 9, 2019 The first hint that Michael Terpin was about to have…
New Google Android Malware Warning Issued To 8… October 24, 2019 Google’s Android Play Store has come under fire again after…
Windows ‘BlueKeep’ Attack That U.S. Government… November 3, 2019 Microsoft, the NSA and even the U.S. Government warned Windows…
Georgia hit by massive cyber-attack October 28, 2019 Image copyright Pirveli Image caption The TV channel Pirveli's website…
How New ‘Delegated Credentials’ Boosts… November 6, 2019 Mozilla, in partnership with Facebook, Cloudflare, and other IETF community…
Comments