556 matches found
GHSA-PR98-23F8-JWXV QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
QOS.CH logback-core Expression Language Injection vulnerability
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
TPAS Log4Shell PoC This repository contains a Proof of Concep...
CVE-2024-7552 DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection
A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of...
CVE-2024-5828
Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00...
Hitachi Tuning Manager 安全漏洞
Hitachi Tuning Manager is a performance tuning and monitoring tool from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Tuning Manager versions prior to 8.8.7-00 that stems from an expression language injection vulnerability that allows code injection...
PT-2024-5839 · Hitachi · Hitachi Tuning Manager
Name of the Vulnerable Software and Affected Versions: Hitachi Tuning Manager versions prior to 8.8.7-00 Description: The issue is related to an Expression Language Injection vulnerability in Hitachi Tuning Manager, which allows code injection. This vulnerability can be exploited by a remote...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
CVE-2022-22947 A code injection attack on spring cloud gate...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 En las versiones 3.1.6, 3.2.2 y versiones anter...
CVE-2023-51593
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51593
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51593 Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51593 Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability
Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The...
CVE-2023-51593
Voltronic Power ViewPower Pro is affected by a remote code execution due to a Struts2 expression language injection flaw. The vulnerability allows unauthenticated attackers to execute arbitrary code in the context of LOCAL SERVICE. Root cause: a vulnerable expression language handling in a Struts...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 CVE-2022-26134 - Confluence Pre-Auth RCE | OGNL...
Expression Language Injection
OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is due to in validateExpression function evaluates SpEL expressions using a StandardEvaluationContext, This enabling interaction with Java classes like java.lang.Runtime, ultimately resulting in Remote Code Execution...
Expression Language Injection
OpenMetadata is vulnerable to Expression Language Injection. The vulnerability is caused due to a lack of proper authorization checks, allowing attackers to execute arbitrary code by exploiting Expression language injection in the CompiledRule::validateExpression method...
CVE-2024-28847
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, AlertUtil::validateExpression is also called from EventSubscriptionRepository.prepare,...
CVE-2024-0715
Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection.This issue affects Hitachi Global Link Manager: before 8.8.7-03...