Someone found a Gem::SafeMarshal escape in Ruby! (Also, this blog is 🔥 for Ruby security research.)
https://nastystereo.com/security/ruby-safe-marshal-escape.html

#ruby #rubysec #securityresearch #vulnerabilityresearch #deserializationvulnerability

Gem::SafeMarshal escape / nastystereo.com

Python Serialization Vulnerabilities - Pickle - Hacking Articles

Introduction: Serialization gathers data from objects, converts them to a string of bytes, and writes to disk. The data can be deserialized and the original

Blue Mockingbird Monero-Mining Campaign Exploits Web Apps - The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote co... more: https://threatpost.com/blue-mockingbird-monero-mining/155581/

#deserializationvulnerability #remotecodeexecution #projecttelerikui #vulnerabilities #bluemockingbird #cve-2019-18935 #cryptography #cryptomining #websecurity #redcanary #asp.net #exploit #monero #xmrig

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise.

Threatpost - English - Global - threatpost.com