The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by
practitioners within the industry or underground communities. Similarly, academic …

Java deserialization vulnerability is a severe threat in practice. Researchers have proposed
static analysis solutions to locate candidate vulnerabilities and fuzzing solutions to generate …

Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node. js platform. It refers to the ability of an attacker to inject properties …

Java (de) serialization is prone to causing security-critical vulnerabilities that attackers can
invoke existing methods (gadgets) on the application's classpath to construct a gadget chain …

Nowadays, an increasing number of applications use deserialization. This technique, based
on rebuilding the instance of objects from serialized byte streams, can be dangerous since it …

A PHP object injection (POI) vulnerability is a security-critical bug that allows the remote
code execution of class methods existing in a vulnerable PHP application. Exploiting this …

Prototype pollution is a type of recently-discovered, impactful vulnerability that affects
JavaScript code. One important yet challenging research problem of prototype pollution is …

Java Object Injection (JOI) is a severe type of vulnerability affecting Java deserialization,
which allows adversaries to inject a well-crafted, serialized object, thus triggering a series of …

Unrestricted file upload (UFU) vulnerabilities, especially unrestricted executable file upload
(UEFU) vulnerabilities, pose severe security risks to web servers. For instance, attackers can …

Object serialization and deserialization are widely used for storing and preserving objects in
files, memory, or database as well as for transporting them across machines, enabling …