5 matches found
Astra Linux - ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΡ Π² libpgjava
In pgjdbc before version 42.3.3, an attacker who controls the jdbc URL or properties can use java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example scenario is that an attacker could create a executable JSP file under a...
The vulnerability of the Log4j Java logging library, related to insecure privilege management, allows an attacker to execute arbitrary code.
The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Log4j Java logging library lies in its insecure handling of privileges, allowing attackers to escalate their privileges.
The vulnerability of the Log4j Java logging library lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...