Oracle MySQL Enterprise Monitor (July 2022 CPU)
The version of MySQL Enterprise Monitor installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL (component: Monitoring: General (highlight.js)). Supported versions that a...
Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)
Summary: Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.30. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary: Vulnerability found in Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote...
Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary: Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details: CVEID: CVE-2020-17530. DESCRIPTION: Apache Struts could allo...
GHSA-CCP5-GG58-PXFM Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload...
GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
Apache Struts 2.x < 2.5.29 Remote Code Execution (S2-062)
The fix issued for CVE-2020-17530 was incomplete. From Apache Struts 2.0.0 to 2.5.29, some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
Apache Struts is vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...
GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1...
GHSA-5PGJ-R7C6-7C7W Apache Struts Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of...
GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts
Multiple Cross-Site Scripting (XSS) vulnerabilities in XWork-generated error pages in Apache Struts. By default, XWork doesn't escape action names in automatically generated error pages, allowing for a successful XSS attack. When Dynamic Method Invocation (DMI) is enabled, the action name is generated dynamically...