Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-12630
A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affe...
Cisco Security Manager
895
VMScore
CVE-2019-17556
Apache Olingo versions 4.0.0 to 4.6.0 provide the AbstractService class, which is public API, uses ObjectInputStream and doesn't check classes being deserialized. If an attacker can feed malicious metadata to the class, then it may result in running attacker's code in t...
Apache Olingo
668
VMScore
CVE-2020-12835
An issue exists in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Netwo...
Smartbear Readyapi 3.2.5
756
VMScore
CVE-2018-17057
An issue exists in TCPDF prior to 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Tecnick Tcpdf
Limesurvey Limesurvey
1 EDB exploit
2 Github repositories
NA
CVE-2024-23759
Deserialization of Untrusted Data in Gambio up to and including 4.9.2.0 allows malicious users to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
Gambio Gambio 4.9.2.0
1 Metasploit module
NA
CVE-2023-36777
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019
NA
CVE_2024_24725
A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint `/modules/System%20Admin/import_run.php&...
1 Metasploit module
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
NA
CVE-2022-30981
An issue exists in Gentics CMS prior to 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.
Gentics Gentics Cms
NA
CVE-2022-30982
An issue exists in Gentics CMS prior to 5.43.1. There is stored XSS in the profile description and in the username.
Gentics Gentics Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »