Lucene search

9309 matches found

myhack58
added 2012/12/19 12:0 a.m., 18 views

Struts2 vulnerability analysis: analysis of OGNL code execution - vulnerability warning - the black bar safety net

A. Brief: In July 2010, the Struts2/XWork 2.2.0 Remote Command Execution Vulnerability was disclosed on exploitdb. It can be called a god-like vulnerability: an attacker only needs to construct the appropriate statement to have a great chance of gaining System or root privileges, because tomcat ...

8.3 AI score
Exploits: 0
Prion
added 2012/12/05 5:55 p.m., 24 views

Input validation

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

7.5 CVSS, 8.9 AI score, 0.11779 EPSS
Exploits: 1, References: 19, Affected Software: 1
UbuntuCve
added 2012/12/05 5:55 p.m., 33 views

CVE-2011-2730

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

7.5 CVSS, 6.6 AI score, 0.11779 EPSS
Exploits: 1, References: 2
CVE
added 2012/12/05 5:0 p.m., 176 views

CVE-2011-2730

CVE-2011-2730 concerns VMware SpringSource Spring Framework (versions 2.5.6.SEC03, 2.5.7.SR023, and 3.x prior to 3.0.6) where EL-enabled containers evaluate EL expressions in several Spring tags twice, enabling an attacker to obtain sensitive information from attributes such as name, path, argume...

7.5 CVSS, 5.5 AI score, 0.11779 EPSS
Exploits: 1, References: 19, Affected Software: 1
OSV
added 2012/11/23 7:55 p.m., 4 views

DEBIAN-CVE-2010-1330

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

4.3 CVSS, 5.8 AI score, 0.02218 EPSS
Exploits: 1, References: 1
NVD
added 2012/11/23 7:55 p.m., 43 views

CVE-2010-1330

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

4.3 CVSS, 5.6 AI score, 0.02218 EPSS
Exploits: 1, References: 7
Cvelist
added 2012/11/23 7:0 p.m., 33 views

CVE-2010-1330

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

5.5 AI score, 0.02218 EPSS
Exploits: 1, References: 7
Debian CVE
added 2012/11/23 7:0 p.m., 23 views

CVE-2010-1330

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string...

4.3 CVSS, 5.6 AI score, 0.02218 EPSS
Exploits: 1
0day.today
added 2012/10/31 12:0 a.m., 39 views

FortiWeb 4kC / 3kC / 1kC / VA Cross Site Scripting

FortiWeb 4kC, 3kC, 1kC, and VA suffer from multiple cross site scripting vulnerabilities. FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Introduction: ============= FortiWeb web application firewalls protect, balance, and accelerate your web applications, databases, and any information...

6.8 AI score
Exploits: 0
myhack58
added 2012/10/23 12:0 a.m., 20 views

Baidu Ueditor open source editor (Java version) jsp file upload vulnerability - vulnerability warning - the black bar safety net

The system's default file upload handling does not filter jsp strictly, so a jsp file can be uploaded, and a jsp, as you know, can execute arbitrary commands with system privileges! The problem is in imageUp.jsp, which uses a Java regular expression to validate the uploaded file's file name. Re-set the file name whe...

1.9 AI score
Exploits: 0
Tenable Nessus
added 2012/10/12 12:0 a.m., 41 views

Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164)

Multiple vulnerabilities have been discovered and corrected in libxslt: Unspecified vulnerability in XSLT allows remote attackers to obtain potentially sensitive information about heap memory addresses via unknown vectors (CVE-2011-1202). libxslt 1.1.26 and earlier does not properly manage memory,...

6.8 CVSS, 8.8 AI score, 0.02467 EPSS
Exploits: 1, References: 4
The Hacker News
added 2012/10/10 5:57 p.m., 12 views

Philippine court suspends Anti Cybercrime law

The Philippine Supreme Court on Tuesday suspended implementation of Republic Act 10175 or the Cybercrime Prevention Act for 120 days, while it decides whether certain provisions violate civil liberties. The law, signed last month, aims to combat Internet crimes such as hacking, identity theft,...

6.8 AI score
Exploits: 0
NVD
added 2012/10/09 11:13 a.m., 19 views

CVE-2012-5109

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression...

5 CVSS, 8.9 AI score, 0.01224 EPSS
Exploits: 0, References: 3
Prion
added 2012/10/09 11:13 a.m., 16 views

Out-of-bounds

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression...

5 CVSS, 6.7 AI score, 0.01224 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2012/10/09 10:0 a.m., 26 views

CVE-2012-5109

The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression...

6 AI score, 0.01224 EPSS
Exploits: 0, References: 3
The Hacker News
added 2012/10/03 3:23 p.m., 9 views

Internet freedom : Anonymous Brings Philippines Government Sites Offline

Hacker groups that are against the controversial Cybercrime Prevention Law for its effect on the country's freedom of expression defaced 11 more government websites since 11 p.m. Monday. A message which said, "Hacked by M4N1L4 PR1D3, PHILIPPINE CYBER ARMY AND -=TheFamilyPride=-," appeared on the...

6.8 AI score
Exploits: 0
NVD
added 2012/10/01 8:55 p.m., 20 views

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

7.5 CVSS, 7.4 AI score, 0.40533 EPSS
Exploits: 3, References: 6
Prion
added 2012/10/01 8:55 p.m., 12 views

Code injection

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

7.5 CVSS, 8 AI score, 0.40533 EPSS
Exploits: 3, References: 6, Affected Software: 1
ATTACKERKB
added 2012/10/01 8:55 p.m., 3 views

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

7.5 CVSS, 6.1 AI score, 0.40533 EPSS
Exploits: 3, References: 9
Cvelist
added 2012/10/01 8:0 p.m., 29 views

CVE-2012-5223

The procdeutf function in includes/functionsvbseocpabstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the charrepl parameter, which is inserted into a regular expression that is processed by...

7.4 AI score, 0.40533 EPSS
Exploits: 3, References: 6