CVE-2010-1622
CVE-2010-1622 affects Spring Framework 2.5.x up to 2.5.6.SEC02 and 2.5.7 up to 2.5.7.SR01, and 3.0.x up to 3.0.3. The issue arises from binding request data to Java beans, which allows an attacker to overwrite nested properties of the ClassLoader (notably via class.classLoader.URLs[0]), enabling ...
PT-2010-1181 · Spring · Spring Framework
Name of the Vulnerable Software and Affected Versions: Spring Framework versions 2.5.x through 2.5.5, 2.5.7 before 2.5.7.SR01, and 3.0.x through 3.0.2 Description: The issue is related to incorrect code generation management in the Spring Framework, allowing remote attackers to execute arbitrary...
CVE-2010-1622: Spring Framework execution of arbitrary code
CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...
Spring Framework - Arbitrary code Execution
Spring Framework - Arbitrary code Execution CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions ma...
Spring Framework - Arbitrary code Execution
CVE-2010-1622: Spring Framework execution of arbitrary code Severity: Critical Vendor: SpringSource, a division of VMware Versions Affected: 3.0.0 to 3.0.2 2.5.0 to 2.5.6.SEC01 community releases 2.5.0 to 2.5.7 subscription customers Earlier versions may also be affected Description: The Spring...
Mandriva Update for kdelibs4 MDVA-2010:024 (kdelibs4)
Check for the Version of kdelibs4 OpenVAS Vulnerability Test Mandriva Update for kdelibs4 MDVA-2010:024 kdelibs4 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...
Design/Logic Flaw
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...
MDVA-2008:070 : dkms
The dkms-minimal package in Mandriva Linux 2008 Spring did not require lsb-release. If lsb-release was not installed, the dkms modules were installed in the standard location, instead of the intended /dkms or /dkms-binary. This update fixes that issue. Due to another bug, dkms would consider olde...
MDVA-2008:099 : swi-prolog
The package included with Mandriva Linux 2008 Spring for swi-prolog could not be installed due to an incorrect dependency. This updated package removes the incorrect dependency and can be installed as normal. This script has been deprecated as the associated patch...
MDVA-2009:019 : glibc
The glibc packages released with Mandriva Linux 2008 and Mandriva Linux 2008 Spring had the /etc/ld.so.conf file using relative paths to include other config files at /etc/ld.so.conf.d, breaking usage of ldconfig -r, for example when you have chroot environments. This update fixes ld.so.conf to u...
MDVA-2008:110 : pulseaudio
The pulseaudio package shipped with Mandriva 2008 Spring does not remember a default device setting across sessions. If a user were to use pavucontrol to select an alternate default device, it will only work for that session. Logging out then back in again will revert back to the system default. ...
MDVA-2008:013 : skencil
The package for the drawing application Skencil contained a bug which causes it not to be able to access the system fonts correctly. Consequently, it was impossible to enter text properly in Skencil, and Skencil would consume a high level of system resources if you attempt to use the text tools...
Mandriva Update for bash-completion MDVA-2008:125 (bash-completion)
Check for the Version of bash-completion OpenVAS Vulnerability Test Mandriva Update for bash-completion MDVA-2008:125 bash-completion Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute i...
CMS Made Simple 1.4.1 Local File Inclusion Vulnerability
No description provided by source. Type: Directory Traversal vulnerability Unix tested / Root privileges escalation Vendor: CMS Made Simple Software: CMS Made Simple 1.4.1 "Spring Garden" and probably others ... Author: M4ck-h@cK Date 29.11.2008 Home: sweet home contact: no, thx : Exploit: Demo: ...
CMS Made Simple 1.4.1 - Local File Inclusion
Type: Directory Traversal vulnerability Unix tested / Root privileges escalation Vendor: CMS Made Simple Software: CMS Made Simple 1.4.1 "Spring Garden" and probably others ... Author: M4ck-h@cK Date 29.11.2008 Home: sweet home contact: no, thx : Exploit: Demo: on...
FreeSSHD 1.2.1 (Post Auth) Remote Seh Overflow Exploit
!/usr/bin/perl FreeSSHD 1.2.1 Post Auth Remote Seh Overflow http://freeddsshd.com/ Exploit based on securfrog Poc http://www.milw0rm.com/exploits/5709 Coded by Matteo Memelli aka ryujin Spaghetti & PwnSauce http://www.be4mind.com http://www.gray-world.net Tested on Windows XPSp2 EN / Windows Vist...
freeSSHd 1.2.1 (Post Auth) Remote SEH Overflow Exploit
Exploit for unknown platform in category remote exploits ====================================================== freeSSHd 1.2.1 Post Auth Remote SEH Overflow Exploit ====================================================== !/usr/bin/perl FreeSSHD 1.2.1 Post Auth Remote Seh Overflow...
freeSSHd 1.2.1 - (Authenticated) Remote Overflow (SEH)
freeSSHd 1.2.1 - Authenticated Remote Overflow SEH !/usr/bin/perl FreeSSHD 1.2.1 Post Auth Remote Seh Overflow http://freeddsshd.com/ Exploit based on securfrog Poc http://www.milw0rm.com/exploits/5709 Coded by Matteo Memelli aka ryujin Spaghetti & PwnSauce http://www.be4mind.com...