168 matches found

CVE
added 2014/07/11 2:0 p.m. | 56 views

CVE-2014-3503

Apache Syncope 1.1.x before 1.1.8 is affected. The issue stems from using insecure Random implementations to generate user passwords, enabling remote attackers to guess passwords by brute force. The fixed version is 1.1.8 (Ad libitum); upgrading is advised. If upgrading is not possible, apply off...

CVSS 5 | AI score 6.8 | EPSS 0.05974
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2014/07/11 2:0 p.m. | 29 views

CVE-2014-3503

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack...

AI score 6.7 | EPSS 0.05974
Exploits 0 | References 4
securityvulns
added 2014/05/04 12:0 a.m. | 144 views

[SECURITY] CVE-2014-0111 Apache Syncope

CVE-2014-0111: Remote code execution by an authenticated administrator
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Syncope 1.0.0 to 1.0.8
Syncope 1.1.0 to 1.1.6
Description: In the various places in which Apache Commo...

CVSS 6.5 | AI score 1.5 | EPSS 0.03284
Exploits 1
NVD
added 2014/04/17 2:55 p.m. | 29 views

CVE-2014-0111

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...

CVSS 6.5 | AI score 7.4 | EPSS 0.03284
Exploits 1 | References 3
Prion
added 2014/04/17 2:55 p.m. | 19 views

Code injection

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...

CVSS 6.5 | AI score 8 | EPSS 0.03284
Exploits 1 | References 3 | Affected Software 1
CVE
added 2014/04/17 2:0 p.m. | 52 views

CVE-2014-0111

CVE-2014-0111 affects Apache Syncope: remote code execution via Apache Commons JEXL expressions in areas such as derived schema definition, user/role templates, and account links of resource mappings. The impact is that an authenticated administrator could inject and execute arbitrary Java code on the...

CVSS 6.5 | AI score 7.6 | EPSS 0.03284
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2014/04/17 2:0 p.m. | 34 views

CVE-2014-0111

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...

AI score 7.4 | EPSS 0.03284
Exploits 1 | References 3
seebug.org
added 2014/04/17 12:0 a.m. | 81 views

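Apache Syncope Crafted Commons JEXL Expression Remote Code Execution Vulnerability

CVE ID: CVE-2014-0111 Apache Syncope is an open-source system for managing digital identities in enterprise environments, implemented in JEE technology and released under the Apache 2.0 license. Apache Syncope has a security vulnerability in its handling of crafted Apache Commons JEXL expressions, which allows authenticated remote attackers to execute arbitrary code through the JEE container running the Apache Syncope core. 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...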

CVSS 6.5 | AI score 6.6 | EPSS 0.03284
Exploits 1