SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140710-0 ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed...
VMware Security Updates for vCenter Server (VMSA-2014-0008)
The VMware vCenter Server installed on the remote host is version 5.0 prior to Update 3c, 5.1 prior to Update 3, or 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities in third party libraries : - The bundled version of Apache Struts contains a code execution flaw. Note...
DLA-57-1 libstruts1.2-java - security update
Bulletin has no description...
VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue. b...
VMware Security Updates for vCenter Server (VMSA-2014-0008)
VMware has updated vSphere third party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:vcenterserver";...
VMware ESXi product updates to third party libraries (VMSA-2014-0008)
VMware has updated vSphere third party libraries. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
VMware vSphere product updates to third party libraries
a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifier CVE-2014-0114 to this issue. Column 4...
VMSA-2014-0008:VMware vSphere product updates to third party libraries
VMSA-2014-0008.2 VMware vSphere product updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0008.2 VMware Security Advisory Synopsis: VMware vSphere product updates to third party libraries VMware Security Advisory Issue date: 2014-09-09 VMwar...
IBM WebSphere Portal Apache Struts ClassLoader Manipulation RCE
The version of IBM WebSphere Portal on the remote host is affected by a remote code execution vulnerability in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to execute arbitrary code. %NASLMINLEVEL 70300 C...
[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20
Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...
Fedora 20 : struts-1.3.10-10.fc20 (2014-9380)
fix CVE-2014-0114 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Networ...
Fedora Update for struts FEDORA-2014-9380
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2940-1] libstruts1.2-java security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2940-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff Aug 21, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2940-1 (libstruts1.2-java - security update)
It was discovered that missing access checks in the Struts ActionForm object could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2940.nasl 6759 2017-07-19 09:56:33Z teissa $ Auto-generated from advisory DSA 2940-1 using nvtgen 1.0 Script version: 1.0 Author:...
IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
Shopizer 1.1.5 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v...
Shopizer 1.1.5 Multiple Vulnerability
Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, data manipulation, authorization bypass and hardcoded key vulnerabilities. title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and...
Shopizer 1.1.5 Authorization Bypass / Hardcoded Key
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v2 new codebase impact: high homepage:...
Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed version: v...