665 matches found
CVE-2020-9297
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
Code injection
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...
F5 Networks BIG-IP : TMUI RCE (CVE-2020-5902) (Direct Check)
A remote code execution vulnerability exists in Traffic Management User Interface TMUI, also referred to as the Configuration utility. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary system commands, create or delete files, disable services,...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
CVE-2020-5902...
CVE-2015-0279: Expression Language Injection in FortiSIEM
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject expression language EL expressions and execute arbitrary Java code via the do parameter...
Code injection
Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...
Unspecified Vulnerability in codeBeamer
Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in codeBeamer versions prior t...
CVE-2019-20635
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...
CVE-2019-20635
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...
Code injection
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields...
CVE-2019-20635
CVE-2019-20635 affects codeBeamer prior to 9.5.0-RC3. The root cause is insufficient restriction of computing fields that can execute custom Java code and access the Java class loader. Impact, as stated, is the possibility to run custom Java code via these fields, with the risk of subsequent acce...
Arbitrary Code Execution
smbj is vulnerable to arbitrary code execution. The vulnerability exists because the 'SMBException' contains a public static field that is not marked final. An attacker could send malicious Java code to read and write to this field and cause the program to behave in an unexpected manner...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
Design/Logic Flaw
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
CVE-2020-5529
HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is...
PT-2020-18504 · Htmlunit +1 · Htmlunit +1
Name of the Vulnerable Software and Affected Versions: HtmlUnit versions prior to 2.37.0 Description: The issue is related to improper initialization of the Rhino engine in HtmlUnit, allowing malicious JavaScript code to execute arbitrary Java code on the application. This problem also affects...