Struts2 vulnerability analysis: OGNL code execution analysis - vulnerability warning - the black bar safety net
A. Brief: In July 2010, exploitdb published the Struts2/XWork 2.2.0 Remote Command Execution Vulnerability, which can be called a god-like vulnerability: an attacker only needs to construct the appropriate statement to have a great chance of gaining system privileges (System or root), because tomcat ...
Input validation
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...
CVE-2011-2730
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...
CVE-2011-2730
CVE-2011-2730 concerns VMware SpringSource Spring Framework (versions 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6) where EL-enabled containers evaluate EL expressions in several Spring tags twice, enabling an attacker to obtain sensitive information from attributes such as name, path, argume...
DEBIAN-CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...
FortiWeb 4kC / 3kC / 1kC / VA Cross Site Scripting
FortiWeb 4kC, 3kC, 1kC, and VA suffer from multiple cross site scripting vulnerabilities. FortiWeb 4kC, 3kC, 1kC & VA - Cross Site Vulnerabilities. Introduction: FortiWeb web application firewalls protect, balance, and accelerate your web applications, databases, and any information...
Baidu Ueditor open source editor (Java version) jsp file upload vulnerability - vulnerability warning - the black bar safety net
The system's default file upload handling does not filter jsp strictly, so a jsp file can be uploaded; as you know, a jsp file can execute arbitrary commands with system privileges! The problem is in imageUp.jsp, which uses a Java regular expression to validate the uploaded file's name. Re-set the file name whe...
Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)
Multiple vulnerabilities have been discovered and corrected in libxslt: Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202). libxslt 1.1.26 and earlier does not properly manage memory,...
Philippine court suspends Anti Cybercrime law
The Philippine Supreme Court on Tuesday suspended implementation of Republic Act 10175 or the Cybercrime Prevention Act for 120 days, while it decides whether certain provisions violate civil liberties. The law, signed last month, aims to combat Internet crimes such as hacking, identity theft,...
CVE-2012-5109
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression...
Out-of-bounds
The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression...
Internet freedom : Anonymous Brings Philippines Government Sites Offline
Hacker groups that are against the controversial Cybercrime Prevention Law for its effect on the country's freedom of expression defaced 11 more government websites since 11 p.m. Monday. A message which said, "Hacked by M4N1L4 PR1D3, PHILIPPINE CYBER ARMY AND -=TheFamilyPride=-," appeared on the...
CVE-2012-5223
The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...
Code injection
The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...