Rezultati pretraživanja
  1. 14. lis 2016.

    Java8u20 RCE gadget. as always your work is amazing...

  2. 22. stu 2016.

    I found a new deserialization endpoint in Tomcat: CVE-2016-8735 same attack vector than my CVE-2016-3427

  3. 26. lis 2017.

    a little in deep with Lab CVE-2015-7501 CVE-2017-7504 CVE-2017-12149 at

    Prikaži ovu nit
  4. 2. velj 2018.

    We review some vulnerabilities in Android and showed how to find them using QL, these include CVE-2014-7911(), CVE-2015-3825 ( and ), CVE-2017-411/412() and a new one CVE-2017-0871:

  5. 29. stu 2019.

    My RCE in Apache Nutch has been fixed. Thanks project team! Combining 2 known issues with 3rd party libraries (CVE-2015-7501 + CVE-2016-6809)

    Prikaži ovu nit
  6. 19. lis 2018.
    Prikaži ovu nit
  7. Some Java Deserialization Security FAQ - to answer dev questions about - feedback welcome

  8. 5. pro 2019.
  9. 10. stu 2016.

    Thanks Tim for having managed this so efficiently. New Java deserialization endpoint

  10. 16. stu 2016.

    Java deserialization endpoint found by Jacob Baines in VMwaew vRealize Operations 

  11. 12. ruj 2017.

    ColdFusion vuln: "unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284)"

  12. 5. pro 2019.
  13. 13. ožu 2019.

    Some awesome exploit chaining here, including discovering a new gadget

  14. 13. lis 2016.

    Deserialization endpoint: IBM Websphere

  15. 9. stu 2018.

    Pre-auth root RCE vuln in Cisco Unity Express. "A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user."

  16. 31. lis 2016.

    On Saturday 10am at I will talk about Java serialization security

  17. 4. tra 2017.
    Odgovor korisniku/ci

    Turning Externalizable.readExternal into ObjectInputStream.readObject in AMF

  18. 30. lip 2016.
  19. 14. velj 2018.

    PoC for attacks on Android apps. Beware with your dependencies if you use Intent extras. By &

  20. Nice to see the video of our AppSecEU talk about Java deserialization released // cc

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.