1085 matches found
Nexus Repository Manager Java EL Injection RCE
This module exploits a Java Expression Language EL injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. This is a post-authentication vulnerability, so credentials are required to exploit the bug. Any user regardless of privilege level may b...
Server-Side Template Injection
dropwizard-validation is vulnerable to Server-Side Template Injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language EL expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature,...
GHSA-8JPX-M2WH-2V34 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Summary A server-side template injection was identified in the self-validating @SelfValidating feature of dropwizard-validation enabling attackers to inject arbitrary Java EL expressions, leading to Remote Code Execution RCE vulnerability. If you're using a self-validating bean via @SelfValidatin...
Remote Code Execution (RCE)
JBoss Enterprise Application Platform is vulnerable to remtoe code execution RCE. Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language EL constructs in page exception handling, allowing arbitrary Java methods to be executed. A...
Arbitrary Code Execution
jboss-seam2 is vulnerable to arbitrary code execution. The vulnerability exists as an input sanitization flaw was found in the way JBoss Seam processed certain parametrized JBoss Expression Language EL expressions. A remote attacker could use this flaw to execute arbitrary code via a URL,...
Exploit for Expression Language Injection in Sonatype Nexus
CVE-2020-10199-10204 http://1984-0day.com python3 poc.py...
CVE-2020-10199
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-5370)
An expression language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the IctTableExportToCSVBean class...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-11943)
An expression language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the SoapConfigBean class. Successful exploitation results in the execution of arbitrary code under the security conte...
HPE Intelligent Management Center Remote Code Execution (CVE-2019-5386)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter by the ViewBatchTaskResultDetailBean class. A remote, authenticated attacker can exploit this vulnerability by sending a...
Server-Side Template Injection
dropwizard-validation is vulnerable to server-side template injection. The vulnerability exists as ViolationCollector does not sanitize Java Expression Language EL expressions and accepts malicious Java EL expressions to be passed into the server-side template in the self-validating feature,...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
Security feature bypass
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
CVE-2020-5245 Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in...
Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary A server-side template injection...
GHSA-3MCP-9WR4-CJQF Remote Code Execution (RCE) vulnerability in dropwizard-validation
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. Summary A server-side template injection...
(0Day) Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...