CVE-2021-29505
Deserialization exploit
Reproducing and analyzing the CVE-2021-29505 vulnerability in Java's XStream deserialization process
Reproduces CVE-2021-29505 and analyzes the XStream deserialization process as a learning exercise
5 stars
2 watching
2 forks
Language: Java
last commit: over 3 years ago

Related projects:

Repository | Description | Stars |
---|---|---|
babyteam1024/cve-2021-2394 | An exploit for a Java vulnerability | 9 |
danigargu/cve-2020-0796 | An exploit tool for a Windows SMBv3 vulnerability | 1,304 |
y4er/cve-2020-2883 | Exploits a remote code execution vulnerability in WebLogic Coherence using Java | 178 |
leadroyal/cve-2019-14540-exploit | An exploit for a Java-based LDAP vulnerability | 20 |
darryk10/cve-2021-25735 | An exploit demonstrating a Kubernetes validation admission webhook bypass vulnerability | 18 |
bishopfox/gadgetprobe | Tools for analyzing and exploiting Java deserialization vulnerabilities | 585 |
vysecurity/cve-2018-4878 | Exploits a vulnerability in outdated Shockwave Flash player to gain control of Internet Explorer and execute malicious code. | 87 |
joaomatosf/javadeserh2hc | A lab project providing code samples and tools to understand deserialization vulnerabilities in Java applications. | 491 |
jas502n/jackson-cve-2020-8840 | A project that details and demonstrates the impact of a remote code execution vulnerability in a popular Java library used for JSON data binding. | 73 |
r3dxpl0it/cve-2018-4407 | Exploits a heap buffer overflow vulnerability in the XNU operating system kernel to cause a denial-of-service attack on iOS and macOS devices. | 35 |
nccgroup/freddy | A tool to detect and exploit deserialization vulnerabilities in Java and .NET applications. | 573 |
jas502n/cve-2019-12384 | A proof-of-concept project demonstrating a Jackson RCE vulnerability in Ruby that allows an attacker to execute arbitrary commands on the system. | 97 |
rsmudge/cve-2020-0796-bof | Exploits a vulnerability in SMBv3 compression to achieve privilege escalation and process manipulation. | 68 |
mogwailabs/rmi-deserialization | Demonstrating vulnerabilities in Java RMI services | 101 |
directdefense/superserial | A Burp Suite Extender to identify Java Deserialization vulnerabilities in client requests and server responses. | 9 |