1043 matches found
CVE-2020-13971
In Shopware before 6.2.3, authenticated users are allowed to use the Mediabrowser fileupload feature to upload SVG images containing JavaScript. This leads to Persistent XSS. An uploaded image can be accessed without authentication...
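A check for the class of upload described in the Shopware entry above (SVG carrying script that runs when the image is opened in a browser), written here as an added example; it is not Shopware code, and the SVG documents it inspects are constructed for illustration. It parses the upload with the standard-library XML parser and rejects it if it finds script-bearing elements, on* event-handler attributes, or javascript:/HTML data: URLs in href/src attributes:

```python
"""Reject uploaded SVG files that carry active content.

Added example for the CVE-2020-13971 entry; not Shopware's code.
The SVG samples below are constructed for illustration.
"""
import re
import xml.etree.ElementTree as ET

# Elements that execute script or embed foreign content when the SVG is rendered inline.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "handler"}
# URL schemes that execute script or wrap a second HTML/SVG document.
DANGEROUS_URL = re.compile(r"^\s*(javascript:|data:\s*text/html|data:\s*image/svg)", re.I)


def local_name(tag: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return tag.rsplit("}", 1)[-1]


def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an SVG upload must be rejected; an empty list means nothing active was found."""
    findings = []
    try:
        # expat via ElementTree does not fetch external entities; undefined ones raise ParseError.
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):  # onload, onclick, onmouseover, ...
                findings.append(f"event handler attribute {aname} on <{name}>")
            elif aname in ("href", "src") and DANGEROUS_URL.match(value):
                findings.append(f"script URL in {aname} on <{name}>: {value[:40]}")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """True when the upload can be stored; callers should still serve it as an attachment."""
    return not svg_findings(data)


# Constructed samples: one benign icon and three script-bearing variants.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle r="5"/></svg>'
SCRIPT_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(document.cookie)</script></svg>'
ONLOAD_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><rect width="1" height="1"/></svg>'
HREF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<a xlink:href="javascript:alert(1)"><text>x</text></a></svg>')

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_SVG), ("script", SCRIPT_SVG),
                       ("onload", ONLOAD_SVG), ("href", HREF_SVG)]:
        print(label, svg_findings(doc))
```

This is a blocklist, so treat it as defence in depth rather than a sanitizer: the durable fix is to serve user uploads from a separate origin or with Content-Disposition: attachment and a restrictive Content-Security-Policy, so that even an SVG that slips through never runs script in the application's origin.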
Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the MapViewer Apache Commons FileUpload component of Oracle Database Server. Supported versions that are affected are...
Security Bulletin: Apache Commons FileUpload (Publicly disclosed vulnerability) in IBM eDiscovery Manager
Summary Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this...
Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)
Oracle WebCenter Sites component of Oracle Fusion Middleware is affected by multiple vulnerabilities : - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI Apache Groovy due to a lack of isolation of object...
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-0385, CVE-2016-0377, CVE-2016-2960, CVE-2016-3092)
Summary WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: A denial of service vulnerability affects IBM Sterling B2B Integrator (CVE-2014-0050)
Summary IBM Sterling B2B Integrator is vulnerable to a denial of service attack Vulnerability Details CVEID: CVE-2014-0050 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by the improper handling of the Content-Type HTTP header for multipart requests. By...
Security Bulletin: Security Vulnerability in Apache Commons FileUpload Affects IBM Sterling B2B Integrator (CVE-2016-1000031)
Summary Security vulnerability in Apache Commons FileUpload affects IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on th...
Security Bulletin: Vulnerability in Apache Commons affects IBM B2B Advanced Communications (CVE-2016-3092)
Summary IBM B2B Advanced Communications is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons...
Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Rational ClearQuest (CVE-2016-3092)
Summary IBM Rational ClearQuest is vulnerable to an Apache Commons FileUpload vulnerability. Vulnerability Details CVE-ID: CVE-2016-3092 Description: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests,...
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2019-17571 is a deserialization vulnerability in Apache Log4j 1.2 (through 1.2.17). The SocketServer class bundled with Log4j 1.2 deserializes log events received from the network without validation, so an attacker who can send data to a listening SocketServer can execute arbitrary code when a suitable deserialization gadget is on the classpath...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Sterling Secure Proxy (CVE-2016-3092)
Summary A denial of service vulnerability in Apache Commons FileUpload was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload...
Security Bulletin: Multiple Security Vulnerabilities found in IBM Sterling Secure Proxy (CVE-2014-0411, CVE-2014-0050)
Summary IBM Sterling Secure Proxy is shipped with IBM Runtime Environment, Java™ Technology Edition the “IBM JRE”, that is based on an Oracle Java Runtime Environment JRE. Oracle has released the January 2014 critical patch updates CPU that contain security vulnerability fixes for the JRE. The IB...
Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy
Summary A Java object deserialization vulnerability in Apache Commons FileUpload (DiskFileItem) was addressed by IBM Sterling Secure Proxy. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote...
Security Bulletin: Vulnerability in Apache Commons Fileupload affects IBM Control Center (CVE-2016-3092)
Summary Apache Commons Fileupload vulnerability affects IBM Control Center. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could...
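Both denial of service entries above (CVE-2014-0050 and CVE-2016-3092) were triggered by a multipart boundary parameter far longer than any real client sends. RFC 2046 section 5.1.1 limits a boundary to 1 to 70 characters from a fixed alphabet, not ending in a space, so a front-end check that enforces the RFC limit rejects such requests before a multipart parser ever sees them. The following is an added example of that check; it is not Commons FileUpload or Tomcat code, and the header strings it is exercised with are constructed:

```python
"""Validate a multipart/form-data Content-Type header before handing the body to a multipart parser.

Added example for the CVE-2014-0050 / CVE-2016-3092 entries; not Apache Commons FileUpload code.
Enforces the RFC 2046 5.1.1 boundary grammar: 0*69<bchars> bcharsnospace, where
bcharsnospace := DIGIT / ALPHA / "'" / "(" / ")" / "+" / "_" / "," / "-" / "." / "/" / ":" / "=" / "?"
and bchars additionally allows a space.
"""
import re

MAX_BOUNDARY = 70
BOUNDARY_RE = re.compile(r"^[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]$")


class BadContentType(ValueError):
    """Raised for any Content-Type the edge should refuse to pass to the multipart parser."""


def parse_multipart_boundary(content_type: str) -> str:
    """Return the boundary from a multipart/form-data Content-Type, or raise BadContentType."""
    parts = [p.strip() for p in content_type.split(";")]
    media_type = parts[0].lower()
    if media_type != "multipart/form-data":
        raise BadContentType(f"not multipart/form-data: {media_type!r}")
    boundary = None
    for param in parts[1:]:
        if "=" not in param:
            continue
        name, value = param.split("=", 1)
        if name.strip().lower() != "boundary":
            continue
        if boundary is not None:
            raise BadContentType("boundary parameter given more than once")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':  # quoted-string form
            value = value[1:-1]
        boundary = value
    if boundary is None:
        raise BadContentType("missing boundary parameter")
    if len(boundary) > MAX_BOUNDARY:
        # This is the condition the overlong-boundary requests fail; report the size for logging.
        raise BadContentType(f"boundary too long ({len(boundary)} > {MAX_BOUNDARY})")
    if not BOUNDARY_RE.match(boundary):
        raise BadContentType("boundary has characters outside RFC 2046 bchars, is empty, or ends with a space")
    return boundary


def accept_upload(content_type: str) -> bool:
    """True when the request may proceed to the multipart parser."""
    try:
        parse_multipart_boundary(content_type)
        return True
    except BadContentType:
        return False


if __name__ == "__main__":
    # Constructed headers: a browser-style boundary, then an overlong one of the kind the DoS used.
    for ct in ("multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
               "multipart/form-data; boundary=" + "A" * 4096,
               "multipart/form-data"):
        try:
            print("accept", parse_multipart_boundary(ct))
        except BadContentType as exc:
            print("reject", exc)
```

Rejecting at the edge is cheap and independent of which parser sits behind it, but it is a mitigation, not a substitute for upgrading the affected Commons FileUpload or Tomcat version, since the parser's own handling of the boundary is what the fixes corrected.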
Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM Control Center (CVE-2016-1000031)
Summary The DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in Control Center, could allow remote attackers to execute arbitrary code in the context of the current process. Vulnerability Details CVEID: CVE-2016-1000031 Description: Apache...
Security Bulletin: IBM OpenPages GRC Platform is affected by a vulnerability in Apache Commons FileUpload (CVE-2016-1000031)
Summary IBM OpenPages GRC Platform has addressed vulnerability in Apache Commons FileUpload CVE-2016-1000031 Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrar...
Denial of Service
Overview Versions of express-fileupload prior to 1.1.6-alpha.6 are vulnerable to Denial of Service. The package causes server responses to be delayed up to 30s in internal testing if the request contains a large filename consisting of '.' characters. Recommendation Upgrade to version 1.1.6-alpha.6 or later...
SUSE-SU-2019:1212-2 Security update for jakarta-commons-fileupload
This update for jakarta-commons-fileupload fixes the following issue: Security issue fixed: - CVE-2016-1000031: Fixed remote code execution (bsc1128963, bsc1128829)...
CVE-2019-0189
The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the...