Lucene search

57 matches found

Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

Adobe Experience Manager (AEM) CRX Content Explorer

This plugin detects the presence of the Adobe Experience Manager AEM CRX Content Explorer interface. The CRX Content Explorer is a web-based interface used to manage and interact with the content repository of Adobe Experience Manager. No source data...

AI score: 6.8
Exploits: 0
Tenable Nessus
added 2025/12/04 12:0 a.m., 2 views

Adobe Experience Manager (AEM) QueryBuilder JCR Role Disclosure

The remote Adobe Experience Manager AEM QueryBuilder Servlet is prone to an information disclosure vulnerability. An unauthenticated attacker can exploit this issue to retrieve the JCR roles of the AEM instance by sending a specially crafted HTTP request to the QueryBuilder Servlet endpoint. No...

AI score: 6.6
Exploits: 0
GithubExploit
added 2025/12/01 12:36 p.m., 135 views

Exploit for Incorrect Authorization in Adobe Experience_Manager_Forms

Lab: CVE-2025-54253 - Incorrect Authorization in Adobe Experie...

CVSS: 10, AI score: 7, EPSS: 0.24192
Exploits: 7
Veracode
added 2025/10/15 6:18 a.m., 3 views

Deserialization Of Untrusted Data

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...

CVSS: 6.5, AI score: 7.7, EPSS: 0.00579
Exploits: 0, References: 6, Affected Software: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-30515

Malware in sbrugna...

CVSS: 6.8, AI score: 5.2, EPSS: 0.0209
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2561

Malware in sbrugna...

CVSS: 8.5, AI score: 7.4, EPSS: 0.00241
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2013-6537

Malware in sbrugna...

CVSS: 5, AI score: 6.3, EPSS: 0.01255
Exploits: 2, References: 12
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2015-1992

Malware in sbrugna...

CVSS: 5, AI score: 6.4, EPSS: 0.00285
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-30518

Malware in sbrugna...

CVSS: 6.8, AI score: 5.2, EPSS: 0.0209
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-30516

Malware in sbrugna...

CVSS: 6.8, AI score: 5.2, EPSS: 0.0209
Exploits: 0, References: 2
Snyk
added 2025/09/08 9:31 a.m., 3 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary code by injecting malicious JNDI references that are deserialized when untrusted JNDI URIs are accepted. JNDI URIs are can be...

CVSS: 6.9, AI score: 7.8, EPSS: 0.00579
Exploits: 0, References: 2
OSV
added 2025/09/08 9:31 a.m., 0 views

GHSA-CXVC-G8F2-4GMM Apache Jackrabbit: Core and JCR Commons are vulnerable to Deserialization of Untrusted Data

There is a serialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that accept JNDI URIs for JCR lookup fr...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00579
Exploits: 0, References: 6
RedhatCVE
added 2025/05/22 9:34 p.m., 7 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS: 8.5, AI score: 7.7, EPSS: 0.00241
Exploits: 0
CNVD
added 2023/07/30 12:0 a.m., 30 views

Apache Jackrabbit Code Execution Vulnerability

Apache Jackrabbit is a content repository from Apache USA. A code execution vulnerability exists in Apache Jackrabbit Webapp/Standalone, which stems from the component commons-beanutils failing to properly filter special elements of constructed snippets. An attacker could exploit the vulnerabilit...

CVSS: 9.8, AI score: 7.8, EPSS: 0.10007
Exploits: 0, References: 1
CNVD
added 2023/05/30 12:0 a.m., 31 views

Apache Sling Input Validation Error Vulnerability

Apache Sling is an open source Java web framework from the Apache Software Foundation (USA), designed for building content-centric applications on a JSR-170 content repository such as Apache Jackrabbit. An input validation error vulnerability exists in Apache Sling Commons...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00958
Exploits: 0, Affected Software: 1
CNNVD
added 2022/12/09 12:0 a.m., 3 views

VMware ESXi and vCenter Server Security Vulnerability

VMware ESXi and VMware vCenter Server are both products of VMware, Inc. VMware ESXi is a server virtualization platform that can be installed directly on physical servers. VMware vCenter Server is a suite of server and virtualization management software. The software provides a centralized platfo...

CVSS: 5.3, AI score: 6.6, EPSS: 0.02532
Exploits: 0, References: 5
NVD
added 2021/12/13 8:15 p.m., 13 views

CVE-2021-43822

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS: 8.5, EPSS: 0.00241
Exploits: 0, References: 2
Prion
added 2021/12/13 8:15 p.m., 12 views

SQL injection

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS: 6.8, AI score: 8, EPSS: 0.00241
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/12/13 7:50 p.m., 74 views

CVE-2021-43822

CVE-2021-43822 concerns SQL injection in the Jackalope Doctrine-DBAL PHPCR implementation. The vulnerability arises because the component that translates the query object model into Doctrine DBAL queries does not properly escape certain user-controlled identifiers (node names and xpaths), allowin...

CVSS: 8.5, AI score: 8, EPSS: 0.00241
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/12/13 7:50 p.m., 11 views

CVE-2021-43822 SQL injection in jackalope/jackalope-doctrine-dbal

Jackalope Doctrine-DBAL is an implementation of the PHP Content Repository API PHPCR using a relational database to persist data. In affected versions users can provoke SQL injections if they can specify a node name or query. Upgrade to version 1.7.4 to resolve this issue. If that is not possible...

CVSS: 8.5, AI score: 9, EPSS: 0.00241
Exploits: 0, References: 2