3 writeups tagged with Deserialization
Express.js prototype pollution vulnerability leads to remote code execution via deserialization of a crafted payload.
IIS 10.0 running Kartris eCommerce on Windows. SQL injection and .NET deserialization chain leads to code execution and privilege escalation.
Apache ActiveMQ CVE-2023-46604 unauthenticated RCE via ClassInfo deserialization. Sudo nginx misconfiguration for arbitrary file read and root access.
