Description
HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized data.
Remediation
References
Related Vulnerabilities
WordPress Plugin Syndication Links Cross-Site Scripting (1.0.2)
Oracle Database Server CVE-2010-0900 Vulnerability (CVE-2010-0900)
WordPress Plugin WordPress Easy Custom Js And Css Cross-Site Scripting (1.1.2)
WordPress Plugin s2Member Framework 's2_invoice' Parameter Remote Security Bypass (111105)