rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.
e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC.
Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization.
A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10 using Java Deserialization.
A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serializ...
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration ...