CODE WHITE - Finest Hacking
Tag: vulnerability
SPThemeBackgroundImageUri Relative Path Traversal in SharePoint
Multiple Vulnerabilities in Syncfusion ASP.NET MVC
SequenceExternalizable Arbitrary Deserialization in WebLogic Server
SequenceExternalizable Arbitrary Deserialization in WebLogic Server
EntityDataSource Insecure Type Resolution in Telerik Report Server
EntityDataSource Insecure Type Resolution in Telerik Reporting
Insecure Expression Evaluation in Telerik Reporting
Unauthenticated Remote Code Execution in Backup & Replication
Unauthenticated Content Injection in OpenEdge Management
Accessible Logs in Spectrum
Authenticated XXE in Spectrum
Authentication Bypass in Spectrum
Deserialization of Untrusted Data in Spectrum
Hard-coded, Non-changeable Credentials in Spectrum
Server-side Request Forgery (TestDataServiceRequest) in Spectrum
Server-side Request Forgery (testDeviceConnection) in Spectrum
Unprotected JMX Registry in Spectrum
UnknownTypeResolver Insecure Type Resolution in Telerik Report Server
UnknownTypeResolver Insecure Type Resolution in Telerik Reporting
PreAuth Insecure Deserialization in Dynamics 365 Business Central
BinarySerializerVulnerabilityFilter Bypass in Service Provider Console
Insecure .NET Remoting in Project Center Server
Unauthenticated SQL Injection in Smartfactory Shopfloor.guide
HTTP .NET Remoting ObjRef Leak in .NET Framework
SSRF NetNTLM Leaks in Tableau Server
Authentication Bypass in AI BOX
PreAuthenticated XXE in CCTV with Observer
JNDI Injection in Pentaho Business Analytics Server
Authenticated Remote Code Execution in GridVis
HardCoded Encryption Password Allows for Authenticated Leak of Cleartext Database Credentials in GridVis
Unauthenticated Arbitrary File Write as Root in PROFINET-INspector NT
Unauthenticated OS Command Injection in PROFINET-INspector NT
Security Feature Bypass Vulnerability in ASP.NET
Unauthenticated Server-side Request Forgery in Skype for Business Server
Local Privilege Escalation in Ivanti Desktop and Server Management
Arbitrary Java EL Execution in Workspace
SPPageparserFilter Bypass in SharePoint
Data Source Protection Bypass During XML Deserialization in DevExpress
Exposed Dangerous Method or Function in Experience Manager, Experience Platform, and Experience Commerce
Insecure Arbitrary TypeConverter Conversion in DevExpress
Missing Protection of XtraReport Serialized Data in ASPNET Web Forms in DevExpress
Server-side Request Forgery via AsyncDownloader in DevExpress
Deserialization of Untrusted Data in Pentaho Business Analytics Server
Unauthenticated Arbitrary File Read as SYSTEM in MCL-Net
Multiple Unauthenticated Vulnerabilities in FortiNAC
Hardcoded Administrative Credentials in TG670 DSL gateway router
Unauthenticated Remote Code Execution in GoAnywhere MFT
Multiple Vulnerabilities in Tornado Server
Unauthenticated Remote Code Execution in pgAdmin Web (Windows)
Unauthenticated XXE in Sophos Mobile
Unauthorized User Registration in Apache Archiva
Low-privileged User Stack Buffer Overflow in 2FA in Kerio Connect
Authentication Bypass in R1Soft Server Backup Manager
Authenticated Command Injection in App Platform AP Manager
Authenticated Command Injection in SEPPmail Appliance
Authenticated Command Injection in EDR-810 Series
Authenticated Command Injection in TN-5916 NAT Router
Authentication Bypass in TN-5916 NAT Router
Unauthenticated Remote Code Execution in gRPC Interfaces in SmarterStats
Vulnerable RMI Call in Windchill PDMLink
RequestDispatcher Local File Inclusion in ZK Framework
Unauthenticated Remote Code Execution in Phone Management System
Unauthenticated Remote Code Execution in StoreEver ESL G3 Tape Library
Authentication Bypass (Unauthenticated Root Password Reset) in Citrix ADM
Unauthenticated Service Shutdown in Citrix ADM
Unauthenticated Remote Code Execution in ACT! CRM
Deserialization Protection Bypass in Exchange 2013/2016/2019
Unauthenticated Remote Code Execution in ADMIRA/AREMA
Unauthenticated Remote Code Execution in TPT
Authenticated XXE in TIBCO JasperReports Server
Unauthenticated RCE via Unsafe Cookie Deserialization in HelpSpot
Unauthenticated Remote Code Execution in Jedox
.NET Deserialization in Cerberus DSM, Desigo CC, Desigo CC Compact
Arbitrary File Reading via Hardcoded Crypto Key in Storefront
RCE via Arbitrary Class Execution in Lobster AdminConsole
Local Privilege Escalation to SYSTEM in Aternity Agent
Path Traversal in ShareFile StorageZone Controller
.NET Deserialization via .NET Remoting in Backup & Replication
Several Unauthenticated Remote Code Executions, File Reads and Writes in Security Manager
Various Vulnerabilities (File Read, File Write, SQL Injection, XSL Transformation, DataSet Deserialization) in Protean CMS
LFI leads to RCE in WebConfig
SQL Injection in Firewall XG
Java Deserialization in WebLogic Server
Java Deserialization in WebLogic Server
Arbitrary File Read in Spring Web MVC
Unauthenticated Remote Code Execution via .NET Remoting in SmarterStats
Unauthenticated access to encrypted administration credentials in Dell VxRail
Authenticated Remote Code Execution via Insecure Java Deserialization in OpenNMS
Unauthenticated change of system configuration via unprotected Java servlets in ManageEngine ADManager Plus, ManageEngine Cloud Security Plus, ManageEngine Log360, ManageEngine ADAudit Plus, ManageEngine DataSecurity Plus, ManageEngine O365 Manager Plus, ManageEngine RecoveryManager Plus, ManageEngine EventLog Analyzer
Unauthenticated Remote Code Execution via Insecure Java Deserialization in HPE Insight Systems Manager
622 631 in Avalanche Data Repository Service
Java Deserialization in Portal
Arbitrary File Upload in Telerik UI for Silverlight
Missing Authorization Check in SAP NetWeaver AS JAVA MigrationService in Netweaver
in SmarterMail
Java Deserialization in FortiSIEM
Authentication Bypass / Path Traversal in ASES
Path Traversal in Telerik MVC
Privilege Escalation via Insecure .NET Deserialization and Process Spoofing in TinyWall
Java Deserialization in 300 People
Authenticated Remote Code Execution via Insecure .NET Deserialization in C1 CMS
Unauthenticated SQL Injection via Unprotected Java Servlet in ManageEngine OpManager
Mitigation Bypass in Telerik UI for Ajax ASP.NET
.NET Deserialization in myLittleAdmin
Path Traversal / Unauthenticated SOCKS5 Proxy in MailEnable
Java Deserialization in cpanel-dovecot-solr
Authenticated Remote Code Execution via Insecure Java Deserialization in FTAPI
.NET Deserialization in
Java Deserialization in Secure Global Desktop
Unauthenticated Remote Code Execution via unprotected RMIRegistry in IBM ServRAID
XXE in SyncML, XXE in Keyoti RapidSpell in SmarterMail
.NET Deserialization in CribMaster
.NET Deserialization in Telerik UI for Ajax ASP.NET
.NET Deserialization in DevExpress
Authenticated file system data exfiltration via SOAP webservice in ILIAS
.NET Deserialization in Managed Workplace RMM
EL Injection in RichFaces
EL Injection in RichFaces
.NET Deserialization in Genuine Channels
Java Deserialization in GWT
.NET Deserialization in
EL Injection in
Java Deserialization in P4
Java Deserialization in
Java Deserialization in Jira
Java Deserialization in Spring Flex
Java Deserialization / JavaBeans Setter in GraniteDS
Java Deserialization / JavaBeans Setter / XXE in Flamingo amf-serializer
Java Deserialization / JavaBeans Setter / XXE in Flex BlazeDS
Java Deserialization / XXE in WebORB for Java
Arbitrary File Upload in ezPublish
SQL Injection in ezPublish
Java Deserialization in CrashPlan PROe
in Service Manager
SQL Injection, Path Traversal, JSP File Inclusion in Edge Server
Java Deserialization in Hyperion
in Endpoint Protection
Arbitrary File Upload/Download in Edge Server
Java Deserialization / XXE in Service Manager
Java Deserialization in Weblogic JMS Client
Java Deserialization in Weblogic JMS Client
Java Deserialization in WebSphere MQ JMS Client
Command Injection in Endpoint Protection Manager
Java Deserialization in Endpoint Protection Manager
Java Deserialization in Active MQ
in Community
Java Deserialization / Command Injection in Edge Server
in Flex BlazeDS
Java Deserialization in Bamboo
Authentication Bypass, Arbitrary File Write/Read, Privilege Escalation, Path Traversal, SQL Injection, Binary Planting in Endpoint Protection
SQL Injection in webEdition
SQL Injection in WebsiteBaker
Java Deserialization in WebLogic Server
Java Deserialization in WebLogic Server
Command Execution in Usermin
Privilege Escalation via named pipe in iPass Open Mobile
in Jira
Binary Planting in Management Server Client
Java Deserialization in ActiveMQ Artemis JMS Client
Java Deserialization in Qpid Client/JMS Client
Java Deserialization in Spring AMQP
Java Deserialization in Weblogic Server
Java Deserialization in Weblogic Server
Java Deserialization in WebLogic Server
Java Deserialization in WebLogic Server
Arbitrary Process Call via Named Pipe in Management Server
.NET Deserialization in Skype for Business
Path Traversal in Management Server
Path Traversal / Binary Planting on Deployed Agent in Management Server
PHP Deserialization in Remote Support Portal
SQL Injection in Management Server