Insecure Deserialization

Title	Vulnerabilities	Programs	Authors
Gadgets chain in Laravel	Insecure Deserialization RCE Security Code Review	Undisclosed	Maxime Rinaudo (@MaxRio13)
Securing our home labs: Home Assistant code review	Insecure Deserialization CSRF RCE Code Injection Android IOS Security Code Review	Home Assistant	Alvaro Muñoz (@Pwntester)
Gadgets chain in WordPress	Insecure Deserialization RCE Security Code Review	Undisclosed	Maxime Rinaudo (@MaxRio13)
Finding A RCE Gadget Chain In WordPress Core	RCE PHP Pop Chain Insecure Deserialization	WordPress	Marc Montpas
Finding A Pop Chain On A Common Symfony Bundle: Part 2	Insecure Deserialization RCE Security Code Review	Doctrine-Bundle (Symfony Package)	Rémi Matasse (@_Remsio_)
RCE in Progress WS_FTP Ad Hoc via IIS HTTP Modules (CVE-2023-40044)	Insecure Deserialization RCE Security Code Review	Progress (MOVEit Transfer)	Shubham Shah (@Infosec_au) Sean Yeoh (@Seanyeoh)
Finding Deserialization Bugs In The Solarwind Platform	RCE Insecure Deserialization Security Code Review	SolarWinds	Piotr Bazydło (@Chudypb)
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution	Insecure Deserialization RCE	VMware (Spring Kafka)	Pyn3rd (@Pyn3rd)
Finding A Pop Chain On A Common Symfony Bundle: Part 1	Insecure Deserialization Security Code Review	Doctrine-Bundle (Symfony Package)	Rémi Matasse (@_Remsio_)
Paranoids Vulnerability Research: Ivanti Issues Security Alert	RCE Insecure Deserialization Security Code Review	Ivanti	Blaine Herro
Apache Superset Part II: RCE, Credential Harvesting and More	RCE Insecure Deserialization URL Validation Bypass Broken Authorization Arbitrary File Read Insufficiently Protected Credentials Default Flask Secret Key Hardcoded Credentials	Apache Superset	Naveen Sunkavally
Part 3: Learning iOS App Pentesting and Application Security with Real-World Case Studies	IOS Insecure Deserialization SSL Pinning Bypass	Undisclosed	Swaroop Yermalkar (@Swaroopsy)
Identifying and Exploiting Unsafe Deserialization in Ruby	Insecure Deserialization	Undisclosed	Plenum (@Plenumlab)
Adobe ColdFusion Pre-Auth RCE(s)	RCE ColdFusion JNDI Injection Insecure Deserialization Security Code Review Patch Diffing	Adobe (ColdFusion)	Harsh Jaiswal (@Rootxharsh) Rahul Maini (@Iamnoooob)
Exploiting JMeter via RMI	Insecure Deserialization Java RMI RCE Security Code Review	Apache JMeter	Christopher Ellis
From Blackbox .NET Remoting to Unauthenticated Remote Code Execution	RCE .NET Remoting Insecure Deserialization	Act!	Florian Hauser (@Frycos)
CVE-2023-20864: Remote Code Execution In VMware Aria Operations For Logs	RCE Insecure Deserialization Security Code Review	VMware	Dustin Childs
FortiNAC - Just a few more RCEs	RCE XXE Insecure Deserialization OS Command Injection Argument Injection Security Code Review	Fortinet	Florian Hauser (@Frycos)
Jasper Reports Library Code Injection	RCE SSTI Insecure Deserialization Security Code Review	Jasper Reports	Dennis Heinze
Multiple vulnerabilities in Delmia Apriso 2017 to 2022	Insecure Deserialization RCE SSRF Reflected XSS	Dassault Systèmes (Delmia Apriso)	Mehdi Elyassa Vincent Herbulot
Microsoft Exchange Powershell Remoting Deserialization leading to RCE (CVE-2023-21707)	RCE Insecure Deserialization	Microsoft (Exchange)	Nguyễn Tiến Giang (@Testanull)
Weblogic CVE-2023-21931 vulnerability exploration technique: post-deserialization exploitation	Insecure Deserialization Security Code Review	Oracle (WebLogic)	Goby (@GobySec)
Java Exploitation Restrictions in Modern JDK Times	Insecure Deserialization	Undisclosed	Florian Hauser (@Frycos)
Riding the Azure Service Bus (Relay) into Power Platform	RCE Cross-Tenant Vulnerability Cloud Insecure Deserialization	Microsoft (Azure)	Nick Landers (@Monoxgas)
Feeding Tasty Objects to Visual Studio's App Center SDK for Apple	Insecure Deserialization MacOS	Microsoft	Jenny (@OldM4nHunting)

Page 2 of 5