665 matches found

CNNVD
added 2022/10/25 12:00 a.m., 1 views

Apache XML Graphics Batik code issue vulnerability

Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in versions of Apache XML Graphics prior to 1.16 that stems from a problem with Batik that allows an attacker to run...

CVSS 7.5, AI score 7.5, EPSS 0.00541
Exploits 0, References 11
OSV
added 2022/10/11 8:15 p.m., 1 views

CVE-2022-20419

In setOptions of ActivityRecord.java, there is a possible way to load arbitrary Java code into the launcher process due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8, AI score 6, EPSS 0.00016
Exploits 0, References 1
Cvelist
added 2022/09/12 12:00 a.m., 14 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

AI score 10, EPSS 0.00977
Exploits 1, References 2
IBM Security Bulletins
added 2022/08/19 9:04 p.m., 23 views

Security Bulletin: Vulnerability in Apache Commons in IBM WebSphere Application Server affects Intelligent Operations Center and related products (CVE-2015-7450)

Summary: Remote execution vulnerability in Apache Commons Collections affects Intelligent Operations Center components WebSphere Application Server (WAS) or WAS Hypervisor Edition. Vulnerability Details: CVE ID: CVE-2015-7450. Description: Apache Commons Collections could allow a remote attacker to...

CVSS 10, AI score 6.9, EPSS 0.93274
Exploits 10, Affected Software 4
UbuntuCve
added 2022/08/03 7:15 p.m., 73 views

CVE-2022-31197

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method does not escape column names, so a malicious column name that contain...

CVSS 8, AI score 6.9, EPSS 0.02462
Exploits 1, References 4
AlpineLinux
added 2022/08/03 12:00 a.m., 37 views

CVE-2022-31197

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The PGJDBC implementation of the java.sql.ResultRow.refreshRow method does not escape column names, so a malicious column name that contain...

CVSS 8, AI score 7.8, EPSS 0.02462
Exploits 1
NVD
added 2022/07/17 11:15 p.m., 6 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 8.8, EPSS 0.00746
Exploits 2, References 1
ATTACKERKB
added 2022/07/17 11:15 p.m., 0 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 8.8, AI score 7.6, EPSS 0.00746
Exploits 2, References 2
OSV
added 2022/07/17 11:15 p.m., 0 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 8.8, AI score 7.5, EPSS 0.00746
Exploits 2, References 1
Prion
added 2022/07/17 11:15 p.m., 7 views

Remote code execution

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVSS 6.5, AI score 8.8, EPSS 0.00746
Exploits 2, References 1, Affected Software 1
Cvelist
added 2022/07/17 10:24 p.m., 11 views

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

AI score 9, EPSS 0.00746
Exploits 2, References 1
CVE
added 2022/07/17 10:24 p.m., 53 views

CVE-2022-30981

The provided Connected documents identify a concrete vulnerability: Gentics CMS prior to 5.43.1 is vulnerable to arbitrary data deserialization (via uploading a malicious ZIP file), which can potentially lead to Java code execution. The root cause is unsafe Java deserialization during ZIP upload....

CVSS 8.8, AI score 8.8, EPSS 0.00746
Exploits 2, References 1, Affected Software 1
OSV
added 2022/06/02 6:15 p.m., 0 views

CVE-2021-45983

NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution...

CVSS 9.8, AI score 5.8, EPSS 0.01332
Exploits 0, References 2
Github Security Blog
added 2022/05/24 10:00 p.m., 47 views

Deserialization of Untrusted Data in Apache Tapestry

By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class, the value of this...

CVSS 9.8, AI score 3, EPSS 0.14226
Exploits 0, References 9, Affected Software 1
Github Security Blog
added 2022/05/17 5:18 a.m., 11 views

dotCMS allows remote authenticated users to execute arbitrary Java code

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...

CVSS 6, AI score 7.7, EPSS 0.0101
Exploits 1, References 8, Affected Software 1
OSV
added 2022/05/17 5:18 a.m., 4 views

GHSA-42VG-Q6MW-CFH5 dotCMS allows remote authenticated users to execute arbitrary Java code

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...

CVSS 8.7, AI score 7, EPSS 0.0101
Exploits 1, References 8
OSV
added 2022/05/17 4:53 a.m., 16 views

GHSA-C2FP-MPMM-CQXV Code injection via property expansion in SoapUI

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...

CVSS 9.3, AI score 7, EPSS 0.17347
Exploits 7, References 7
Github Security Blog
added 2022/05/17 4:53 a.m., 13 views

Code injection via property expansion in SoapUI

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...

CVSS 9.3, AI score 8, EPSS 0.17347
Exploits 7, References 7, Affected Software 1
Github Security Blog
added 2022/05/17 4:17 a.m., 26 views

Improper Control of Generation of Code in HawtJNI

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

CVSS 4.4, AI score 4.8, EPSS 0.00043
Exploits 1, References 16, Affected Software 1
Github Security Blog
added 2022/05/17 3:28 a.m., 33 views

Restlet Arbitrary Java Code Execution via a serialized object

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

CVSS 7.5, AI score 7.2, EPSS 0.00486
Exploits 0, References 7, Affected Software 1