Lucene search
K

9310 matches found

Tenable Nessus
Tenable Nessus
added 2013/09/23 12:0 a.m.30 views

Fedora 20 : rubygems-2.0.8-104.fc20 (2013-16251)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

4.3CVSS7.9AI score0.03343EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/09/06 12:0 a.m.21 views

Atlassian Confluence < 5.1.5 OGNL Expression Handling Double Evaluation Error Remote Code Execution

According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.1.5. It is, therefore, affected by a remote code execution vulnerability due to a flaw in the handling of OGNL expressions. This could allow an attacker to execute...

6.9AI score
Exploits0References2
Prion
Prion
added 2013/08/15 4:55 p.m.17 views

Open redirect

Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...

10CVSS7.9AI score0.12138EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2013/08/15 4:0 p.m.24 views

CVE-2013-2250

Apache Open For Business Project aka OFBiz 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language UEL functions via JUEL metacharacters in unspecified parameters, related to nested expressions...

7.4AI score0.12138EPSS
Exploits1References6
Kitploit
Kitploit
added 2013/08/14 5:6 a.m.19 views

[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform

IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

7AI score
Exploits0
Huawei
Huawei
added 2013/07/30 12:0 a.m.121 views

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...

9.8CVSS9.3AI score0.99998EPSS
Exploits32Affected Software26
securityvulns
securityvulns
added 2013/07/29 12:0 a.m.93 views

[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...

10CVSS3.1AI score0.12138EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/07/29 12:0 a.m.32 views

Apache OFBiz Nested Expression Arbitrary UEL Function Execution

The version of Apache OFBiz hosted on the remote host is affected by a code execution vulnerability that could allow the execution of arbitrary UEL functions. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java...

10CVSS6.1AI score0.12138EPSS
Exploits1References3
seebug.org
seebug.org
added 2013/07/17 12:0 a.m.125 views

Apache Struts2 多个前缀参数远程命令执行漏洞(CVE-2013-2251)

CVE-2013-2251 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。它是WebWork和Struts社区合并后的产物 Apache Struts2的action:、redirect:和redirectAction:前缀参数在实现其功能的过程中使用了Ognl表达式,并将用户通过URL提交的内容拼接入Ognl表达式中,从而造成攻击者可以通过构造恶意URL来执行任意Java代码,进而可执行任意命令 redirect:和redirectAction:此两项前缀为Struts默认开启功能,目前Struts...

9.3CVSS1AI score0.99998EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.30 views

Oracle Linux 3 : pcre (ELSA-2007-1063)

From Red Hat Security Advisory 2007:1063 : Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expressio...

6.8CVSS5.8AI score0.04077EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.100 views

Oracle Linux 3 : gdb (ELSA-2007-0469)

From Red Hat Security Advisory 2007:0469 : An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, a...

5.1CVSS6.3AI score0.03227EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2013/06/30 12:0 a.m.4 views

ISC BIND Regular Expression Handling Denial of Service (CVE-2013-2266)

A denial of service vulnerability exists in ISC BIND...

8.2AI score0.42851EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/06/29 12:0 a.m.34 views

CentOS 4 : pcre (CESA-2007:1068)

Updated pcre packages that resolve several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Flaws were discovered in the way...

6.8CVSS5.8AI score0.03661EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/06/18 2:41 p.m.5 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

7.5CVSS6.5AI score0.11779EPSS
Exploits1References4
w3af
w3af
added 2013/06/10 11:2 p.m.14 views

preg_replace

This plugin will find pregreplace vulnerabilities. This PHP function is vulnerable when the user can control the regular expression or the content of the string being analyzed and the regular expression has the e modifier. Right now this plugin will only find pregreplace vulnerabilities when PHP ...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2013/06/05 12:0 a.m.7 views

Apache Struts - OGNL Expression Injection

Apache Struts - OGNL Expression Injection source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2013/06/05 12:0 a.m.69 views

Apache Struts - OGNL Expression Injection

source: https://www.securityfocus.com/bid/60345/info Apache Struts is prone to a remote OGNL expression injection vulnerability. Remote attackers can exploit this issue to manipulate server-side objects and execute arbitrary commands within the context of the application. Apache Struts 2.0.0...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/26 12:0 a.m.37 views

Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20130424)

It was found that getaddrinfo did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. CVE-2013-1914 A flaw was...

5CVSS7.4AI score0.04113EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2013/04/25 12:0 a.m.30 views

RedHat Update for glibc RHSA-2013:0769-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.1AI score0.04113EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2013/04/25 12:0 a.m.31 views

RHEL 5 : glibc (RHSA-2013:0769)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0769 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Serv...

5CVSS7.5AI score0.04113EPSS
Exploits2References9
Rows per page
Query Builder