Lucene search
K

1087 matches found

RedHat Linux
RedHat Linux
added 2015/03/24 9:6 p.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Web Framework Kit 2.7.0 security update

An update for the RichFaces component of Red Hat JBoss Web Framework Kit 2.7.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score...

6.8CVSS7.5AI score0.03958EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3CVSS7.5AI score0.04715EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.2 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3CVSS7.5AI score0.04715EPSS
Exploits0References5
Apache Tomcat
Apache Tomcat
added 2015/02/04 12:0 a.m.74 views

Fixed in Apache Tomcat 7.0.59

Note: The issue below was fixed in Apache Tomcat 7.0.58 but the release vote for the 7.0.58 release candidate did not pass. Therefore, although users must download 7.0.59 to obtain a version that includes a fix for this issue, versions 7.0.58 is not included in the list of affected versions...

5CVSS6.7AI score0.13872EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.62 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.8AI score0.15561EPSS
Exploits7References30
RedHat Linux
RedHat Linux
added 2014/09/10 5:33 a.m.6 views

elasticsearch: remote code execution flaw via dynamic scripting

It was discovered that the default configuration of Elasticsearch enabled dynamic scripting, allowing a remote attacker to execute arbitrary MVEL expressions and Java code via the source parameter passed to search...

8.1CVSS6.2AI score0.88559EPSS
Exploits17References6
RedHat Linux
RedHat Linux
added 2014/07/21 6:35 p.m.5 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

4.3CVSS7.5AI score0.04715EPSS
Exploits0References5
NVD
NVD
added 2014/04/22 1:6 p.m.24 views

CVE-2013-6469

JBoss Overlord Run Time Governance RTGov 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. NOTE: some of these details are obtained from third party information...

6.5CVSS7.3AI score0.01639EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2014/04/21 12:0 a.m.7 views

PT-2014-3131 · Mozilla +1 · Mvel +1

Name of the Vulnerable Software and Affected Versions: JBoss Overlord Run Time Governance RTGov version 1.0 for JBossAS Description: The issue allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. Recommendations: For JBoss Overlord Ru...

6.5CVSS7AI score0.01639EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2014/04/03 9:19 p.m.5 views

Drools: Remote Java Code Execution in MVEL

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...

6.5CVSS6.2AI score0.01951EPSS
Exploits1References4
Prion
Prion
added 2013/08/15 4:55 p.m.17 views

Open redirect

Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...

10CVSS7.9AI score0.12138EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2013/08/15 4:0 p.m.24 views

CVE-2013-2250

Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...

7.4AI score0.12138EPSS
Exploits1References6
Kitploit
Kitploit
added 2013/08/14 5:6 a.m.20 views

[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/06/18 2:41 p.m.7 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/02/20 9:33 p.m.7 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/31 7:31 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 7:6 p.m.68 views

Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

10CVSS7.7AI score0.15561EPSS
Exploits6References16
RedHat Linux
RedHat Linux
added 2013/01/24 7:6 p.m.7 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.6 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.111 views

Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.7AI score0.15561EPSS
Exploits7References17
Rows per page
Query Builder