deserialization vulnerabilities and exploits

5.1
CVSSv2
CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an...

5
CVSSv2
CVE-2017-11143

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c....

5.1
CVSSv2
CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access,...

7.5
CVSSv2
CVE-2019-16894

download.php in inoERP 4.15 allows SQL injection through insecure deserialization....

7.5
CVSSv2
CVE-2016-8736

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack....

7.5
CVSSv2
CVE-2019-6503

There is a deserialization vulnerability in Chatopera cosin v3.10.0. An attacker can execute commands during server-side deserialization by uploading maliciously constructed files. This is related to the TemplateController.java impsave method and the MainUtils toObject method....

6.8
CVSSv2
CVE-2019-11666

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data....

7.5
CVSSv2
CVE-2015-6420

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and...

Apache Commons Collections
7.5
CVSSv2
CVE-2019-15780

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization....

7.5
CVSSv2
CVE-2019-12240

The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php....