28 matches found
Exploit for CVE-2026-2587
CVE-2026-2587 — GlassFish EL Injection RCE...
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
Impact: Server-side EL injection leading to Remote Code Execution (RCE). Affects applications that use CDNResourceHandler with a wildcard CDN mapping, e.g. libraryName:=https://cdn.example.com/. An attacker can craft a resource request URL containing an EL expression in the resource name, which is...
EUVD-2024-45781
Malicious code in bioql PyPI...
PT-2025-20921
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior. Description: A flaw exists in the API component of Ivanti Endpoint Manager Mobile (EPMM) that allows authenticated attackers to execute arbitrary code through crafted API requests...
Security Bulletin: IBM Cognos Analytics is vulnerable to Malicious File Upload and EL Injection vulnerabilities (CVE-2024-40695, CVE-2024-51466)
Summary: IBM Cognos Analytics is considered vulnerable to a Malicious File Upload which could allow a privileged user to upload malicious files that can be automatically processed within the product (CVE-2024-40695) and an Expression Language (EL) Injection which could allow a remote attacker to explo...
IBM Cognos Analytics Security Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A security...
PT-2024-9788 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 FP4; IBM Cognos Analytics versions 12.0.0 through 12.0.4. Description: The issue is related to an Expression Language (EL) Injection vulnerability in IBM Cognos Analytics. This vulnerability can...
Anatomy of an Attack
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using...
EL Injection Vulnerability in Hitachi Tuning Manager
Overview: An EL Injection Vulnerability exists in Hitachi Tuning Manager. CVE-2024-5828: EL Injection Vulnerability in Hitachi Tuning Manager. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information'...
CVE-2024-5828 EL Injection Vulnerability in Hitachi Tuning Manager
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Tuning Manager: before 8.8.7-00...
EL Injection Vulnerability in Hitachi Global Link Manager
Overview: An EL Injection Vulnerability (CVE-2024-0715) exists in Hitachi Global Link Manager. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Plea...
CVE-2024-0715 EL Injection Vulnerability in Hitachi Global Link Manager
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03...
EL Injection Vulnerability in Hitachi Replication Manager
Overview: An EL Injection Vulnerability (CVE-2022-4146) exists in Hitachi Replication Manager. Impact: Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2021-41269
A flaw was found in cron-utils. This flaw allows an attacker to perform unauthenticated Remote Code Execution (RCE) via Java Expression Language (EL) injection...
Sonatype Nexus 3.21.1 Remote Code Execution
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated); Exploit Author: 1F98D; Original Author: Alvaro Muñoz; Date: 27 May 2020; Vendor Homepage: https://www.sonatype.com/; CVE: CVE-2020-10199; Tested on: Windows 10 x64; References:...
Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated)
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution (Authenticated); Exploit Author: 1F98D; Original Author: Alvaro Muñoz; Date: 27 May 2020; Vendor Homepage: https://www.sonatype.com/; CVE: CVE-2020-10199; Tested on: Windows 10 x64; References:...
Cron Utils Injection Vulnerability
Cron Utils is a Java codebase for authenticating, parsing, and migrating Cron expressions from the individual developers at Jmrozanec. An injection vulnerability exists in Cron-utils versions prior to 9.1.3, which can be exploited by an attacker to be able to inject arbitrary Java EL expressions,...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
CVE-2018-14667 affects Red Hat JBoss RichFaces Framework 3.X up to 3.3.4, introducing an EL injection via UserResource$UriData that enables remote, unauthenticated code execution. The issue arises from EL expression handling in the UserResource resource, allowing a chain of Java serialized object...