14 matches found
EUVD-2022-5742
Malicious code in bioql PyPI...
Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Apache MyFaces Trinidad 跨站请求伪造漏洞
Apache MyFaces Trinidad is a U.S. Apache Apache Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A cross-site request forgery vulnerability exists in Apache MyFaces. The vulnerability stems from a lack of proper validation of...
Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (July 2017 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management EPPM installation running on the remote web server is 8.3.x prior to 8.3.15.4, 8.4.x prior to 8.4.15.2, 15.x prior to 15.2.15.1, or 16.x prior to 16.2.9.0. It is, therefore, affected by...
Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...
Apache MyFaces Trinidad Remote Code Execution Vulnerability
Apache MyFaces Trinidad is a U.S. Apache Apache Software Foundation contains a large number of enterprise-class component libraries and support for attachment JSF framework. A remote code execution vulnerability exists in CoreResponseStateManager in Apache MyFaces Trinidad, which can be exploited...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
Deserialization of untrusted data
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
Apache MyFaces Trinidad Information Disclosure Vulnerability
Apache MyFaces Trinidad versions 1.0.0 to 1.0.13, 1.2.1 to 1.2.14, 2.0.0 to 2.0.1, and 2.1.0 to 2.1.1 suffer from an information disclosure vulnerability. Clarification: The first line in this CVE 1 was a copy&paste error during message composition and is not part of the CVE. This line can make i...
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core , 1.0.13-core , 2.0.1-core and...
Oracle JDeveloper Multiple RCE (July 2016 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple remote code execution vulnerabilities : - A remote code execution vulnerability exists in the Application Development Framework ADF Faces subcomponent that allows an...