1085 matches found
CVE-2020-15143 Remote Code Execution in SyliusResourceBundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146 Remote Code Execution in SyliusResourceBundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
CVE-2020-15146 affects SyliusResourceBundle used with Symfony. The vulnerability occurs when request parameters are injected into expressions evaluated by the Symfony expression-language, allowing an attacker to access public services and perform Remote Code Execution. Affected versions are
GHSA-H6M7-J4H3-9RF5 Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
HPE IMC deploySelectBootrom Remote Code Execution
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter provided to the deploySelectBootrom.xhtml endpoint. A remote attacker could exploit this vulnerability by sending a...
Exploit for Expression Language Injection in Vmware Vcloud_Director
CVE-2020-3956 PoC exploit for VMware Cloud Dir...
DEBIAN-CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
UBUNTU-CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
Apache Syncope Injection Vulnerability
Apache Syncope is the United States Apache Apache Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. An injection vulnerability exists in Apache Syncope versions 2.0.X prior t...
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation escaping, stripping controls that developers may have put in place...
HPE IMC ForwardRedirect Expression Language Injection
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the actionbean request parameter provided to the forwardredirect.xhtml endpoint...
HPE Intelligent Management Remote Rode Execution (CVE-2019-5386)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the class...
Remote Code Execution
Sonatype nxrm is vulnerable to remote code execution. The vulnerability allows high privilege users such as administrators to run arbitrary code on the server with Nexus process privileges by injecting arbitrary Java Expression Language EL expressions...
Nexus Repository Manager - Java EL Injection RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...
Nexus Repository Manager 3.21.1-01 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...
Nexus Repository Manager 3.21.1-01 Remote Code Execution Exploit
This Metasploit module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01. This module requires Metasploit: https://metasploit.com/download Current source:...