CVE-2020-5405 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted UR...
Oracle GoldenGate for Big Data 12.2.0.1.x < 12.2.0.1.10 / 12.3.1.1.x < 12.3.1.1.6 Multiple Vulnerabilities (Oct 2018 CPU)
The version of Oracle GoldenGate for Big Data application located on the remote host is 12.2.0.1.x less than 12.2.0.1.10 or 12.3.1.1.x less than 12.3.1.1.6. It is, therefore, affected by multiple vulnerabilities: - An unspecified vulnerability exists in Oracle GoldenGate for Big Data. An...
MITREid 1.3.3 Cross Site Scripting
MITREid Connect OpenID-Connect-Java-Spring-Server version 1.3.3 and earlier is vulnerable to Cross-Site Scripting; the user's name is included in topbar.tag and header.tag without being sanitized. A user can set their name to a value like: Testalert1, which will be included in JSON used by a...
Spring Batch Installed
Binary data pivotalsoftwarespringbatchinstalled.nbin...
Spring Integration Installed
Binary data pivotalsoftwarespringintegrationinstalled.nbin...
Spring AMQP Installed
Binary data pivotalsoftwarespringamqpinstalled.nbin...
Spring Boot Installed
Binary data pivotalsoftwarespringbootinstalled.nbin...
Spring Data JPA Installed
Binary data pivotalsoftwarespringdatajpainstalled.nbin...
Spring Security OAuth Installed
Binary data pivotalsoftwarespringsecurityoauthinstalled.nbin...
Spring Projects Linux Detection
Binary data pivotalsoftwarespringprojectslinuxinstalled.nbin...
Arbitrary File Read Vulnerability in Spring Cloud Config
Spring Cloud Config is a configuration center for distributed systems and microservice environments, providing centralized management of the configuration files of all services across their environments and large-scale configuration updates. Spring Cloud Config has an arbitrary file read vulnerability that...
Spring Projects Windows Detection
Binary data pivotalsoftwarespringprojectswininstalled.nbin...
Spring Data REST Installed
Binary data pivotalsoftwarespringdatarestinstalled.nbin...
Spring Security Installed
Binary data pivotalsoftwarespringsecurityinstalled.nbin...
Spring Data Commons Installed
Binary data pivotalsoftwarespringdatacommonsinstalled.nbin...
Insecure version of Spring Web MVC used in Confluence Analytics
Hello! A transitive dependency issue has been found in Confluence Analytics: https://atlassian.sourceclear.io/workspaces/Paaina7/issues/vulnerabilities/26465610 Confluence Analytics has a transitive dependency on the Spring Web MVC library, which has a security bug. The issue can be fixed by...
Spring Framework Vulnerability - CVE-2020-5398
h3. Issue Summary Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan. h3. Description Plugin: Spring Framework 5.0.x 5.0.16 / 5.1.x 5.1.13 / 5.2.x 5.2.3 Spring...
CVE-2020-5397
A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...
ysoserial
This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Java...