Deserialization Of Untrusted Data

Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...

EUVD-2015-1992

Malware in sbrugna...

EUVD-2013-6537

Malware in sbrugna...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary code by injecting malicious JNDI references that are deserialized when untrusted JNDI URIs are accepted. JNDI URIs are can be...

Adobe InDesign 跨站脚本漏洞

Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...

Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader

Apache Sling JCR ContentLoader is the United States Apache Apache Software Foundation for the Java platform for a set of open source Web framework. The framework can be in the JCR Content Repository Java Content Repository on the creation of content-oriented applications . XmlReader is one of the...

CVE-2015-1887

IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository JCR information via a crafted request...

CVE-2013-6735

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository JCR information via a modified Web...

Code injection

IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository JCR information via a modified Web...

CVE-2013-6735

CVE-2013-6735 affects IBM Web Content Manager (WCM). The connected sources confirm an XPath-injection vulnerability in WCM LIBRARY parameter that allows an unauthenticated attacker to manipulate requests and potentially extract sensitive configuration/JCR data from vulnerable WCM installations (v...