Lucene search

6504 matches found

OSV
added 2014/11/20 5:50 p.m., 2 views

DEBIAN-CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7 AI score, 0.16987 EPSS
Exploits: 5, References: 1

OSV
added 2014/11/20 5:50 p.m., 0 views

UBUNTU-CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7.3 AI score, 0.16987 EPSS
Exploits: 5, References: 5

UbuntuCve
added 2014/11/20 5:50 p.m., 33 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7.2 AI score, 0.16987 EPSS
Exploits: 5, References: 4

Prion
added 2014/11/20 5:50 p.m., 28 views

Directory traversal

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 7.1 AI score, 0.16987 EPSS
Exploits: 5, References: 5, Affected Software: 1

CVE
added 2014/11/20 5:0 p.m., 110 views

CVE-2014-3625

CVE-2014-3625 is a directory traversal vulnerability in Spring Framework. Affected versions: 3.0.4–3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2. Description from sources: remote attackers could read arbitrary files via unspecified vectors related to static resource handling. Im...

5 CVSS, 9 AI score, 0.16987 EPSS
Exploits: 5, References: 5, Affected Software: 2

Cvelist
added 2014/11/20 5:0 p.m., 24 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

9.2 AI score, 0.16987 EPSS
Exploits: 5, References: 5

Debian CVE
added 2014/11/20 5:0 p.m., 29 views

CVE-2014-3625

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling...

5 CVSS, 8.1 AI score, 0.16987 EPSS
Exploits: 5

myhack58
added 2014/11/09 12:0 a.m., 14 views

Each of the large browser vendors in the mobile browser present the same security issues-vulnerability warning-the black bar safety net

Test are millet 2s mobile phone, the affected vendors+test version numberthe latest version: Sogou browser myhack58: sogou mobile browser cross-domain scripting vulnerability, one of the Chat Hot Spring Resort browser series 9 9.5.1.79796 2 3 4 5 browser 5.6.2 Baidu hao123 Internet navigation...

1 AI score
Exploits: 0

Tenable Nessus
added 2014/11/08 12:0 a.m., 60 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10 CVSS, 7.8 AI score, 0.5129 EPSS
Exploits: 7, References: 30

securityvulns
added 2014/10/16 12:0 a.m., 192 views

SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop

SEC Consult Vulnerability Lab Security Advisory 20140710-0. title: Multiple critical vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and below; fixed...

0.3 AI score, 0.91054 EPSS
Exploits: 16

RedHat Linux
added 2014/10/01 6:10 p.m., 2 views

Framework: Information disclosure via SSRF

It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning...

8.8 CVSS, 7.3 AI score, 0.00236 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2014/10/01 6:10 p.m., 63 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security update

Red Hat JBoss Fuse and A-MQ 6.1.0 Rollup Patch 1, which addresses several security issues, multiple bug fixes, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability...

8.8 CVSS, 7.4 AI score, 0.06069 EPSS
Exploits: 4, References: 11

CVE
added 2014/09/10 10:0 a.m., 43 views

CVE-2014-5859

The CVE-2014-5859 entry concerns The Star Girl: Colors of Spring (Android app com.animoca.google.starGirlSpring) version 3.4.1. The provided descriptions state that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensit...

5.4 CVSS, 6 AI score, 0.00134 EPSS
Exploits: 0, References: 3, Affected Software: 1

Fedora
added 2014/08/30 3:57 a.m., 25 views

[SECURITY] Fedora 20 Update: springframework-security-3.1.7-1.fc20

Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...

9.8 CVSS, 1.8 AI score, 0.00359 EPSS
Exploits: 0

Fedora
added 2014/08/30 3:53 a.m., 24 views

[SECURITY] Fedora 19 Update: springframework-security-3.1.7-1.fc19

Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...

9.8 CVSS, 1.8 AI score, 0.00359 EPSS
Exploits: 0

0day.today
added 2014/07/12 12:0 a.m., 61 views

Shopizer 1.1.5 Multiple Vulnerability

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, data manipulation, authorization bypass and hardcoded key vulnerabilities. title: Multiple critical vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and...

7.2 AI score, 0.91054 EPSS
Exploits: 16

Packet Storm
added 2014/07/11 12:0 a.m., 45 views

Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation

SEC Consult Vulnerability Lab Security Advisory. title: Multiple critical vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and below; fixed version: v...

0.5 AI score, 0.91054 EPSS
Exploits: 16

Packet Storm
added 2014/07/11 12:0 a.m., 65 views

Shopizer 1.1.5 Authorization Bypass / Hardcoded Key

SEC Consult Vulnerability Lab Security Advisory. title: Multiple high risk vulnerabilities in Shopizer webshop; product: Shopizer; vulnerable version: 1.1.5 and below; fixed version: v2 new codebase; impact: high; homepage:...

0.5 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 57 views

Spring Framework arbitrary code execution

No description provided by source. CVE-2010-1622: Spring Framework execution of arbitrary code; Severity: Critical; Vendor: SpringSource, a division of VMware; Versions Affected: 3.0.0 to 3.0.2; 2.5.0 to 2.5.6.SEC01 community releases; 2.5.0 to 2.5.7 subscription customers. Earlier versions may also be...

6 CVSS, 9.6 AI score, 0.01554 EPSS
Exploits: 11

seebug.org
added 2014/07/01 12:0 a.m., 28 views

Apache Rave 0.11 - 0.20 - User Information Disclosure

No description provided by source. CVE-2013-1814: Apache Rave exposes User over API; Severity: Important; Vendor: The Apache Software Foundation; Versions Affected: Rave 0.11 to 0.20; Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This...

4 CVSS, 6.5 AI score, 0.83009 EPSS
Exploits: 10