CVE & Exploit Intelligence Database

CVE-2018-3784 9.8 CRITICAL EPSS 0.00

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization.

CWE-502 Aug 17, 2018

CVE-2018-8349 8.8 HIGH EPSS 0.31

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CWE-502 Aug 15, 2018

CVE-2018-12539 7.8 HIGH EPSS 0.00

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no.

CWE-502 Aug 14, 2018

CVE-2018-14878 7.8 HIGH EPSS 0.00

JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data.

CWE-502 Aug 13, 2018

CVE-2018-15133 8.1 HIGH KEV 15 PoCs Analysis EPSS 0.84

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

CWE-502 Aug 09, 2018

CVE-2016-4405 8.8 HIGH EPSS 0.15

A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26

CWE-502 Aug 06, 2018

CVE-2016-4398 8.8 HIGH EPSS 0.15

A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.

CWE-502 Aug 06, 2018

CVE-2016-8653 5.3 MEDIUM EPSS 0.00

It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could use this flaw to launch a denial of service attack.

CWE-502 Aug 01, 2018

CVE-2016-8648 7.2 HIGH EPSS 0.01

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.

CWE-502 Aug 01, 2018

CVE-2017-10934 9.8 CRITICAL EPSS 0.07

All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host.

CWE-502 Jul 25, 2018

CVE-2018-8018 9.8 CRITICAL EPSS 0.04

In Apache Ignite before 2.4.8 and 2.5.x before 2.5.3, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.

CWE-502 Jul 20, 2018

CVE-2016-9498 9.8 CRITICAL EPSS 0.70

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.

CWE-502 Jul 13, 2018

CVE-2016-9483 9.8 CRITICAL EPSS 0.01

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obtain files from the server.

CWE-502 Jul 13, 2018

CVE-2018-1000210 7.8 HIGH 1 Writeup EPSS 0.00

YamlDotNet version 4.3.2 and earlier contains a Insecure Direct Object Reference vulnerability in The default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them. that can result in Code execution in the context of the running process. This attack appear to be exploitable via Victim must parse a specially-crafted YAML file. This vulnerability appears to have been fixed in 5.0.0.

CWE-502 Jul 13, 2018

CVE-2017-18342 9.8 CRITICAL 1 Writeup EPSS 0.04

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

CWE-502 Jun 27, 2018

CVE-2018-1000527 7.2 HIGH EPSS 0.03

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Passing malicious PHP objection in $_POST['ssl_ipandport']. This vulnerability appears to have been fixed in after commit c1e62e6.

CWE-502 Jun 26, 2018

CVE-2018-1000525 9.8 CRITICAL EPSS 0.04

openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to be exploitable via Specially crafted GET request variable containing serialised PHP object. This vulnerability appears to have been fixed in after commit 097eae0.

CWE-502 Jun 26, 2018

CVE-2018-1000509 7.2 HIGH EPSS 0.01

Redirection version 2.7.1 contains a Serialisation vulnerability possibly allowing ACE vulnerability in Settings page AJAX that can result in could allow admin to execute arbitrary code in some circumstances. This attack appear to be exploitable via Attacker must have access to admin account. This vulnerability appears to have been fixed in 2.8.

CWE-502 Jun 26, 2018

CVE-2018-6497 8.8 HIGH EPSS 0.00

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

CWE-502 Jun 16, 2018

CVE-2018-6496 8.8 HIGH EPSS 0.00

Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF).

CWE-502 Jun 16, 2018