Security Vulnerabilities, CVEs, Published In November 2015
CVE-2015-8103
Public exploit
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Max CVSS
9.8
EPSS Score
79.49%
Published
2015-11-25
Updated
2024-01-09
CVE-2015-7808
Public exploit
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
Max CVSS
7.5
EPSS Score
74.24%
Published
2015-11-24
Updated
2015-11-25
CVE-2015-4852
Known exploited
Public exploit
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.
Max CVSS
9.8
EPSS Score
96.88%
Published
2015-11-18
Updated
2023-12-21
CISA KEV Added
2021-11-03
3 vulnerabilities found