Identifier(s): ASA-2019-00415, CVE-2019-10912, TYPO3-CORE-SA-2019-016
Title: Possible deserialization side-effects in symfony/cache
Vendor(s): TYPO3 Association
Product(s): TYPO3 CMS
Affected version(s): TYPO3 CMS versions 9.4.0 to 9.5.7
Fixed version(s): TYPO3 CMS version 9.5.8
Proof of concept: Unknown
Description: Third party component symfony/cache could have been potentially leading to removal of arbitrary files in combination with other insecure deserialization …
A deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
This remote code execution vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
An authenticated user with privileges to configure email templates can execute arbitrary code via a PHP archive deserialization vulnerability.
An authenticated user with administrative privileges can execute arbitrary code through a Phar deserialization vulnerability.
ConfigAPI allows Solr's JMX server to be configured via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
Passing an absolute path to a file_exists() check in phpBB before 3.2.4 allows authenticated remote code execution through object injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
systemd has the ability to serialize and deserialize data. In some functions of this feature, lines longer than LINE_MAX aren't properly handled and the content of a property longer than that is interpreted as serialized state. This allows an attacker to corrupt or to inject values in the state of the service when systemd needs to deserialize data.