SUSE CVE-2016-2510
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
GHSA-GXG6-RC6C-V673 Improper Input Validation in BeanShell
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
Improper Input Validation in BeanShell
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
com.liferay:com.liferay.portal.scripting.beanshell (>=1.0.0 <=2.0.4) potentially affected by CVE-2016-2510 via org.apache-extras.beanshell:bsh (=2.0b5)
org.apache-extras.beanshell:bsh MAVEN version =2.0b5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache-extras.beanshell:bsh and may be impacted: - com.liferay:com.liferay.portal.scripting.beanshell =1.0.0, =2.0.4 Source cves: CVE-2016-2510...
CVE-2022-26111
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search or editing an existing/predefined search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in t...
Remote code execution
The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search or editing an existing/predefined search of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in t...
CVE-2022-26111
The CVE-2022-26111 entry concerns IRISNext (BeanShell components) up to version 9.8.28. The vulnerability arises when BeanShell expressions are added via the search functionality, allowing arbitrary commands to be executed on the target server within the IRISNext application user context (Remote ...
PT-2022-17681 · Irisnet · Irisnext
Name of the Vulnerable Software and Affected Versions: IRISNext versions through 9.8.28 Description: The issue allows execution of arbitrary commands on the target server by creating a custom search or editing an existing search of the documents. The search components permit adding BeanShell...
IRIS IrisNext Command Injection Vulnerability
IRIS IrisNext is a document management solution from IRIS Luxembourg designed to manage, protect and use your company's information. A security vulnerability exists in IRISNext version 9.8.28 and prior versions of the BeanShell component, which originates from a BeanShell component that allows...
CVE-2021-31599
Vulnerability summary: CVE-2021-31599 affects Hitachi Vantara Pentaho (Pentaho BI Server 7.x and Pentaho Business Analytics up to 9.1). Affected component is the Pentaho Report Bundles (.prpt); the BeanShell scripting feature inside PRPT reports can be exploited by an authenticated user to execut...
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution Vulnerability
Pentaho allows users to create and run Pentaho Report Bundles .prpt. Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the executio...
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Affected Versions: = 9.1 Vulnerability Type: Remote Code Execution through Pentaho Report Bundles Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021...
Hitachi Vantara Pentaho Code Issue Vulnerability
Hitachi Vantara Pentaho is a service from Hitachi, Japan, for storing and managing data in big data environments. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics 9.1 and prior versions, which stems from Pentaho allowing users to create and run Pentaho report packages...
GitHub Security Lab: [Java] BeanShell Injection
This bug was reported directly to GitHub Security Lab...
Command Execution Vulnerability in UFIDA NC BeanShell (CNVD-2021-30167)
UFIDA NC is a large ERP enterprise management system and e-commerce platform. A command execution vulnerability exists in UFIDA NC BeanShell, which can be exploited by an attacker to gain control of the server...
bsh2: remote code execution via deserialization
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...
Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510)
Summary A vulnerability in Open Source BeanShell has been addressed by LCMS Premier Vulnerability Details CVEID: CVE-2016-2510 DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or...