Vulnerable Environments
Browse our collection of pre-built vulnerable environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.
35 Results in Deserialization
Apache Superset Python Pickle Deserialization Leads to RCE
Explore the Apache Superset Python Pickle Deserialization Leads to RCE vulnerability and learn how to exploit it.
Tomcat Session Deserialization Remote Code Execution
Explore the Tomcat Session Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Apache HertzBeat SnakeYaml Deserialization Remote Code Execution
Explore the Apache HertzBeat SnakeYaml Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Adobe ColdFusion XML Deserialization Leads to RCE
Explore the Adobe ColdFusion XML Deserialization Leads to RCE vulnerability and learn how to exploit it.
Unsafe deserialization of XMLRPC arguments in Apache OFBiz
Explore the Unsafe deserialization of XMLRPC arguments in Apache OFBiz vulnerability and learn how to exploit it.
Apache ActiveMQ OpenWire Protocol Deserialization RCE
Explore the Apache ActiveMQ OpenWire Protocol Deserialization RCE vulnerability and learn how to exploit it.
Neo4j Shell Server Deserialization
Explore the Neo4j Shell Server Deserialization vulnerability and learn how to exploit it.
Apache Dubbo Java Deserialization
Explore the Apache Dubbo Java Deserialization vulnerability and learn how to exploit it.
Celery <4.0 Redis Unauthorized Access and Pickle Deserialization
Explore the Celery <4.0 Redis Unauthorized Access and Pickle Deserialization vulnerability and learn how to exploit it.
XStream Deserialization Command Execution
Explore the XStream Deserialization Command Execution vulnerability and learn how to exploit it.
XStream Deserialization Command Execution
Explore the XStream Deserialization Command Execution vulnerability and learn how to exploit it.
Apache OfBiz Deserialization Command Execution
Explore the Apache OfBiz Deserialization Command Execution vulnerability and learn how to exploit it.
Mojarra JSF ViewState Deserialization
Explore the Mojarra JSF ViewState Deserialization vulnerability and learn how to exploit it.
Apereo CAS 4.1 Deserialization Command Execution
Explore the Apereo CAS 4.1 Deserialization Command Execution vulnerability and learn how to exploit it.
Liferay Portal CE Deserialization Remote Code Execution
Explore the Liferay Portal CE Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Java < JDK8u232_b09 RMI Registry Deserialization Remote Code Execution Bypass
Explore the Java < JDK8u232_b09 RMI Registry Deserialization Remote Code Execution Bypass vulnerability and learn how to exploit it.
Java <= JDK 8u111 RMI Registry Deserialization Remote Code Execution
Explore the Java <= JDK 8u111 RMI Registry Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Apache Shiro 1.2.4 Deserialization Remote Code Execution
Explore the Apache Shiro 1.2.4 Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Fastjson 1.2.24 Deserialization Remote Command Execution
Explore the Fastjson 1.2.24 Deserialization Remote Command Execution vulnerability and learn how to exploit it.
Fastjson 1.2.47 Deserialization Remote Command Execution
Explore the Fastjson 1.2.47 Deserialization Remote Command Execution vulnerability and learn how to exploit it.
Drupal Core 8 PECL YAML Deserialization Remote Code Execution
Explore the Drupal Core 8 PECL YAML Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Drupal Remote Code Execution by phar deserialization
Explore the Drupal Remote Code Execution by phar deserialization vulnerability and learn how to exploit it.
Jackson-databind Deserialization Remote Command Execution
Explore the Jackson-databind Deserialization Remote Command Execution vulnerability and learn how to exploit it.
phpmyadmin scripts/setup.php Deserialization
Explore the phpmyadmin scripts/setup.php Deserialization vulnerability and learn how to exploit it.
JBoss 4.x JBossMQ JMS Deserialization Remote Code Execution
Explore the JBoss 4.x JBossMQ JMS Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Weblogic WLS Core Components Deserialization Remote Command Execution
Explore the Weblogic WLS Core Components Deserialization Remote Command Execution vulnerability and learn how to exploit it.
JBoss JMXInvokerServlet Deserialization Remote Code Execution
Explore the JBoss JMXInvokerServlet Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Apache Log4j TCP Server Deserialization Remote Code Execution
Explore the Apache Log4j TCP Server Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Adobe ColdFusion Deserialization
Explore the Adobe ColdFusion Deserialization vulnerability and learn how to exploit it.
Apache JMeter RMI Deserialization Remote Code Execution
Explore the Apache JMeter RMI Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Apache ActiveMQ Deserialization
Explore the Apache ActiveMQ Deserialization vulnerability and learn how to exploit it.
WebLogic < 10.3.6 'wls-wsat' XMLDecoder Deserialization Remote Command Execution
Explore the WebLogic < 10.3.6 'wls-wsat' XMLDecoder Deserialization Remote Command Execution vulnerability and learn how to exploit it.
Joomla 3.4.5 Deserialization
Explore the Joomla 3.4.5 Deserialization vulnerability and learn how to exploit it.
JBoss 5.x/6.x Deserialization Remote Code Execution
Explore the JBoss 5.x/6.x Deserialization Remote Code Execution vulnerability and learn how to exploit it.
Python Unpickle Deserialization Remote Code Execution
Explore the Python Unpickle Deserialization Remote Code Execution vulnerability and learn how to exploit it.