9310 matches found
Fedora 20 : rubygems-2.0.8-104.fc20 (2013-16251)
A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...
Atlassian Confluence < 5.1.5 OGNL Expression Handling Double Evaluation Error Remote Code Execution
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.1.5. It is, therefore, affected by a remote code execution vulnerability due to a flaw in the handling of OGNL expressions. This could allow an attacker to execute...
Open redirect
Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...
CVE-2013-2250
Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...
[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform
IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz
CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...
Apache OFBiz Nested Expression Arbitrary UEL Function Execution
The version of Apache OFBiz hosted on the remote host is affected by a code execution vulnerability that could allow the execution of arbitrary UEL functions. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java...
Apache Struts2 多个前缀参数远程命令执行漏洞(CVE-2013-2251)
CVE-2013-2251 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物 Apache Struts2的action:、redirect:和redirectAction:前缀参数在实现其功能的过程中使用了Ognl表达式,并将用户通过URL提交的内容拼接入Ognl表达式中,从而造成攻击者可以通过构造恶意URL来执行任意Java代码,进而可执行任意命令 redirect:和redirectAction:此两项前缀为Struts默认开启功能,目前Struts...
Oracle Linux 3 : pcre (ELSA-2007-1063)
From Red Hat Security Advisory 2007:1063 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expressio...
Oracle Linux 3 : gdb (ELSA-2007-0469)
From Red Hat Security Advisory 2007:0469 : An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, a...
ISC BIND Regular Expression Handling Denial of Service (CVE-2013-2266)
A denial of service vulnerability exists in ISC BIND...
CentOS 4 : pcre (CESA-2007:1068)
Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
preg_replace
This plugin will find pregreplace vulnerabilities. This PHP function is vulnerable when the user can control the regular expression or the content of the string being analyzed and the regular expression has the e modifier. Right now this plugin will only find pregreplace vulnerabilities when PHP ...
Apache Struts - OGNL Expression Injection
Apache Struts - OGNL Expression Injection source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of...
Apache Struts - OGNL Expression Injection
source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application. Apache Struts 2.0.0...
Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20130424)
It was found that getaddrinfo did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. CVE-2013-1914 A flaw was...
RedHat Update for glibc RHSA-2013:0769-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 : glibc (RHSA-2013:0769)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0769 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Serv...