Insecure Deserialization

Title	Vulnerabilities	Programs	Authors
CVE-2020-11518: how I bruteforced my way into your Active Directory	RCE Insecure Deserialization Arbitrary File Upload Bruteforce	Undisclosed	Pieter Hiele (@Honoki)
ZombieVPN, Breaking That Internet Security	RCE Insecure Deserialization	Bitdefender AnchorFree	0xSha (@0xsha)
Universal RCE with Ruby YAML.load	Insecure Deserialization RCE	Undisclosed	Etienne Stalmans (@_Staaldraad)
Ruby 2.x Universal RCE Deserialization Gadget Chain	Insecure Deserialization RCE	Ruby	Luke Jahnke (@Lukejahnke)
How i found a 1500$ worth Deserialization vulnerability	Misconfigured JSF ViewState Insecure Deserialization	Undisclosed	Ashish Kunwar (@D0rkerDevil)
Adobe ColdFusion Deserialization RCE (CVE-2017-11283, CVE-2017-11284)	Insecure Deserialization RCE Security Code Review Java RMI	Adobe (ColdFusion)	Nicky Bloor (@NickstaDB)
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!	SSRF RCE CRLF Injection Insecure Deserialization	GitHub	Orange Tsai (@Orange_8361)
Type Juggling and PHP Object Injection, and SQLi, Oh My!	Type Juggling PHP Object Injection Insecure Deserialization SQL Injection	Undisclosed	Justin Kennedy (@Jstnkndy)
Deserialization in Perl v5.8	Insecure Deserialization RCE	Undisclosed	Nicolas Grégoire (@Agarri_FR)

Page 5 of 5