10 matches found
EUVD-2021-1261
Malware in sbrugna...
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions...
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions...
Remote code execution
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions...
CVE-2021-3396
OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5, Horizon 1.2 through 27.0.4, and Newts 1.5.3 has Incorrect Access Control, which allows local and remote code execution using JEXL expressions...
Tarus Balog OpenNMS Meridian Security Vulnerability
Tarus Balog OpenNMS Meridian is an application from Canary Tarus Balog, Inc. It provides for building network monitoring solutions. A security vulnerability exists in OpenNMS Meridian that arises from a network system or product that does not properly restrict access to resources from unauthorize...
Server-Side Template Injection
syncope-core-provisioning-java is vulnerable to server-side template injection. Remote attackers are able to inject arbitrary JEXL expressions via the Mail templates and execute arbitrary code on the system...
[SECURITY] CVE-2014-0111 Apache Syncope
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0111: Remote code execution by an authenticated administrator Severity: Important Vendor: The Apache Software Foundation Versions Affected: Syncope 1.0.0 to 1.0.8 Syncope 1.1.0 to 1.1.6 Description: In the various places in which Apache Commo...
CVE-2014-0111
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...
CVE-2014-0111
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...