2549 matches found
kingdee EAS系统 V7.5 /plt_iservice/service/findFavList.action 远程命令执行漏洞
0x01 框架介绍 全球第一款融合TOGAF标准SOA架构的企业管理软件,金蝶EAS面向亟待跨越 成长鸿沟的大中型企业,以"创造无边界信息流"为产品设计理念, 支持云计算、SOA 和动态流程管理的整合技术平台,全面覆盖企业战略管理、风险管理、集团财务管 理、战略人力资源管理、跨组织供应链、多工厂制造和外部产业链等管理领域,突破 流程制造、项目制造、供应商协作、客户协作等复杂制造和产业链协同应用,实现业 务的全面管理,支持管理创新与发展,帮助企业敏捷应对日益复杂的商业环境变化, 提升整体运作效率,实现效益最大化。 官方主页:www.kingdee.com 0x02 漏洞细节...
SOL17563 - Apache Struts vulnerability CVE-2015-2992
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
SOL17449 - Apache Struts 2 vulnerability CVE-2015-5169
Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...
Mageia: Security Advisory (MGASA-2015-0351)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2014-0474)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Struts Cross-Site Scripting Vulnerability (CNVD-2015-06370)
Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts debug mode suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain...
Apache Struts Cross-Site Scripting Vulnerability
Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts suffers from a cross-site scripting vulnerability when the JSP is directly accessible, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be...
MGASA-2015-0351 Updated struts packages fix CVE-2015-0899
Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...
Updated struts packages fix CVE-2015-0899
Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...
[SECURITY] Fedora 22 Update: struts-1.3.10-14.fc22
Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...
JVN#88408929: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Impact An arbitrary script may be executed on the user's Internet Explorer when the...
JVN#95989300: Apache Struts vulnerable to cross-site scripting
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a cross-site scripting vulnerability when devMode is left turned on. Impact An arbitrary script may be executed on the user's web browser. Solution Update th...
Fedora 22 : struts-1.3.10-14.fc22 (2015-14237)
fix CVE-2015-0899 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...
Fedora Update for struts FEDORA-2015-14237
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Struts2 Remote Command Execution Vulnerability in Palm Ticket Issuance System
Pocket Airline Ticket Issuance System is a ticket issuance system of Beijing Aihong Technology Co. A Struts2 remote command execution vulnerability exists in the Pocket Ticket Issuance System. This vulnerability allows an attacker to remotely execute commands to gain server privileges...
Debian DLA-292-1 : libstruts1.2-java security update
The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web...
DLA-292-1 libstruts1.2-java - security update
Bulletin has no description...
SOL17126 - Apache Struts vulnerability CVE-2014-7809
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...