Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
deserialization vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2024_24725
A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint `/modules/System%20Admin/import_run.php&...
1 Metasploit module
NA
CVE_2024_23759
A Remote Code Execution vulnerability in Gambio online webshop version 4.9.2.0 and lower allows remote attackers to run arbitrary commands via unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization...
1 Metasploit module
NA
CVE-2007-1701
PHP 4 prior to 4.4.5, and PHP 5 prior to 5.2.1, when register_globals is enabled, allows context-dependent malicious users to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a st...
Php Php
1 EDB exploit
8.8
CVSSv3
CVE-2022-30981
An issue exists in Gentics CMS prior to 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.
Gentics Gentics Cms
5.4
CVSSv3
CVE-2022-30982
An issue exists in Gentics CMS prior to 5.43.1. There is stored XSS in the profile description and in the username.
Gentics Gentics Cms
9.8
CVSSv3
CVE-2022-24108
The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remote malicious user to inject a serialized PHP object via the setting parameter, potentially resulting in the ability to write to files on the server, cause DoS, and achieve remote code execution because of deseri...
Skyoftech So Listing Tabs 2.2.0
9.8
CVSSv3
CVE-2023-38204
Adobe ColdFusion versions 2018u18 (and previous versions), 2021u8 (and previous versions) and 2023u2 (and previous versions) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not requir...
Adobe Coldfusion 2018
Adobe Coldfusion 2021
Adobe Coldfusion 2023
8.8
CVSSv3
CVE-2020-24034
Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, ...
Sagemcom F\\@st 5280 Router Firmware 1.150.61
9.8
CVSSv3
CVE-2018-17057
An issue exists in TCPDF prior to 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Tecnick Tcpdf
Limesurvey Limesurvey
1 EDB exploit
2 Github repositories
8.8
CVSSv3
CVE-2024-0692
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »