Oracle announced a critical patch update to address a vulnerability (CVE-2018-2893) found in its WebLogic Server that affects the product's WLS Core Components subcomponent due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this vulnerability by crafting a Java object to execute arbitrary Java code in the context of the WebLogic server.
The WebLogic remote code execution vulnerability (CVE-2018-2893) has not been fully fixed. The newly fixed vulnerability is assigned CVE-2018-3245.
Upgrade to the latest version of Oracle WebLogic Server. This issue was fixed in Oracle Critical Patch Update - October 2018. Or disable/restrict access to T3
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
WordPress Plugin Flamingo Code Injection (1.1)
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)