CVE & Exploit Intelligence Database

CVE-2019-16755 9.8 CRITICAL EPSS 0.04

BMC Remedy ITSM Suite is prone to unspecified vulnerabilities in both DWP and SmartIT components, which can permit remote attackers to perform pre-authenticated remote commands execution on the Operating System running the targeted application. Affected DWP versions: versions: 3.x to 18.x, all versions, service packs, and patches are affected by this vulnerability. Affected SmartIT versions: 1.x, 2.0, 18.05, 18.08, and 19.02, all versions, service packs, and patches are affected by this vulnerability.

CWE-502 Sep 26, 2019

CVE-2019-11666 8.8 HIGH EPSS 0.00

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

CWE-502 Sep 17, 2019

CVE-2019-0195 9.8 CRITICAL EPSS 0.16

Manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this symbol could be used to craft a Java deserialization attack, thus running malicious injected Java code. The vector would be the t:formdata parameter from the Form component.

CWE-502 Sep 16, 2019

CVE-2019-16335 9.8 CRITICAL 2 PoCs Analysis EPSS 0.01

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

CWE-502 Sep 15, 2019

CVE-2019-14540 9.8 CRITICAL 3 PoCs Analysis EPSS 0.06

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

CWE-502 Sep 15, 2019

CVE-2019-16317 8.8 HIGH 1 Writeup EPSS 0.00

In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318.

CWE-502 Sep 14, 2019

CVE-2019-0189 9.8 CRITICAL EPSS 0.31

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16

CWE-502 Sep 11, 2019

CVE-2017-18605 9.8 CRITICAL EPSS 0.01

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.

CWE-502 Sep 10, 2019

CVE-2017-18604 7.5 HIGH EPSS 0.00

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.

CWE-502 Sep 10, 2019

CVE-2019-14224 7.2 HIGH 1 PoC Analysis EPSS 0.01

An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.

CWE-502 Sep 05, 2019

CVE-2019-5069 8.8 HIGH EPSS 0.01

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

CWE-502 Sep 05, 2019

CVE-2018-11569 9.8 CRITICAL EPSS 0.00

Controller/ListController.php in Eventum 3.5.0 is vulnerable to Deserialization of Untrusted Data. Fixed in version 3.5.2.

CWE-502 Sep 05, 2019

CVE-2019-15780 9.8 CRITICAL EPSS 0.01

The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.

CWE-502 Aug 29, 2019

CVE-2019-15521 9.8 CRITICAL 1 Writeup EPSS 0.01

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.

CWE-502 Aug 26, 2019

CVE-2018-20987 9.8 CRITICAL EPSS 0.01

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

CWE-502 Aug 22, 2019

CVE-2019-11030 9.8 CRITICAL EPSS 0.00

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget (contained in a serialized object) may be executed with SYSTEM privileges. The attacker must properly encrypt the object; however, the hardcoded keys are available.

CWE-502 Aug 22, 2019

CVE-2019-15321 9.8 CRITICAL EPSS 0.01

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.

CWE-502 Aug 22, 2019

CVE-2019-15320 9.8 CRITICAL EPSS 0.01

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.

CWE-502 Aug 22, 2019

CVE-2019-15319 9.8 CRITICAL EPSS 0.01

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.

CWE-502 Aug 22, 2019

CVE-2018-20984 9.8 CRITICAL EPSS 0.01

The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.

CWE-502 Aug 22, 2019