
16 matches found

BDU FSTEC
added 2022/09/30 12:0 a.m., 2 views

The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to insufficient sanitization of input data when processing parameters with prefixes such as action:, redirect:, and redirectAction:. Exploiting this vulnerability allows an attacker to execut...

10 CVSS, 7.5 AI score, 0.94325 EPSS
Exploits 18, References 11, Affected Software 9
Github Security Blog
added 2022/05/14 1:14 a.m., 30 views

Improper Neutralization of Input During Web Page Generation in Spring Framework

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3 CVSS, 5.9 AI score, 0.0181 EPSS
Exploits 0, References 9, Affected Software 1
Veeam
added 2019/11/08 12:0 a.m., 15 views

Backup infrastructure missing in SCOM views after upgrade to Veeam Backup & Replication 9.5 U4

Challenge: After you upgrade to Veeam Backup & Replication 9.5 Update 4, MP for Veeam Backup & Replication monitoring views in SCOM no longer display backup infrastructure partially or completely. The following events can be found in the SCOM Windows event log on the affected Veeam Backup &...

6.8 AI score
Exploits 0, Affected Software 1
BDU FSTEC
added 2019/02/21 12:0 a.m., 2 views

The vulnerability of the Decryption Policy Default Action component in Cisco Web Security Appliance routers allows a hacker to block certain SSL connections.

The vulnerability of the Decryption Policy Default Action component in Cisco Web Security Appliance firewalls is related to improper handling of encrypted SSL traffic. Exploiting this vulnerability could allow a malicious actor to block certain SSL connections remotely...

5.8 CVSS, 6.1 AI score, 0.00175 EPSS
Exploits 0, References 3, Affected Software 1
OpenVAS
added 2018/09/19 12:0 a.m., 11 views

Microsoft Windows Defender AV: Threat alert levels at which default action should not be taken (Medium)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavthreatseveritydefaultaction2.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Specify threat alert levels at which default action should not be taken when detected Medium Authors: Emanuel Moss Copyright: Copyright...

7.3 AI score
Exploits 0
OpenVAS
added 2018/09/19 12:0 a.m., 14 views

Microsoft Windows Defender AV: Threat alert levels at which default action should not be taken (Low)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavthreatseveritydefaultaction1.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Specify threat alert levels at which default action should not be taken when detected Low Authors: Emanuel Moss Copyright: Copyright c...

7.3 AI score
Exploits 0
OSV
added 2017/05/22 1:29 a.m., 1 views

CVE-2017-6632

A vulnerability in the logging configuration of Secure Sockets Layer (SSL) policies for Cisco FirePOWER System Software 5.3.0 through 6.2.2 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is du...

7.5 CVSS, 5.8 AI score, 0.01356 EPSS
Exploits 0, References 2
seebug.org
added 2014/07/01 12:0 a.m., 15 views

MS Internet Explorer 5.5 CLSID File Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2612/info The default operation performed to open a filetype is determined by referencing the filetype's CLSID. Due to a flaw in the interpretation of CLSIDs when appended to a filename, it is possible to specify a...

7.1 AI score
Exploits 0
RedHat Linux
added 2014/04/14 1:46 p.m., 3 views

Framework: cross-site scripting flaw when using Spring MVC

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3 CVSS, 7.5 AI score, 0.0181 EPSS
Exploits 0, References 5
RedHat Linux
added 2014/04/14 1:46 p.m., 2 views

Framework: cross-site scripting flaw when using Spring MVC

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3 CVSS, 7.5 AI score, 0.0181 EPSS
Exploits 0, References 5
UbuntuCve
added 2014/03/20 4:55 p.m., 30 views

CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3 CVSS, 7.2 AI score, 0.0181 EPSS
Exploits 0, References 5
Prion
added 2014/03/20 4:55 p.m., 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

4.3 CVSS, 6 AI score, 0.0181 EPSS
Exploits 0, References 9, Affected Software 1
Cvelist
added 2014/03/20 4:0 p.m., 26 views

CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

5.4 AI score, 0.0181 EPSS
Exploits 0, References 9
Cvelist
added 2014/02/04 2:0 a.m., 14 views

CVE-2013-7183

cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a defaultreboot action or (2) reset all configuration values via a factorydefault action...

6.6 AI score, 0.09879 EPSS
Exploits 0, References 3
Prion
added 2007/10/30 9:46 p.m., 8 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...

4.3 CVSS, 6.3 AI score, 0.01302 EPSS
Exploits 1, References 4
Cvelist
added 2007/10/30 9:0 p.m., 14 views

CVE-2007-5725

Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop allow remote attackers to inject arbitrary web script or HTML via (1) the email parameter to index.php; or the command parameter to index.php in (2) the default action for the home page, (3) a currencies action, or (4) a basket action...

6 AI score, 0.01302 EPSS
Exploits 1, References 4