332 matches found
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availablity...
CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack:...
CVE-2025-0758
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed wit...
CVE-2025-0758
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
Hitachi Vantara Pentaho Business Analytics Server 安全漏洞
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, 9.3.x, and 8.3.x. The...
PT-2025-16912 · Hitachi Vantara +1 · Hitachi Vantara Pentaho Business Analytics Server +1
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2 Hitachi Vantara Pentaho Business Analytics Server versions 9.3.x Hitachi Vantara Pentaho Business Analytics Server versions 8.3.x Description: The product specifies...
Security Bulletin: Vulnerability in IBM® Host Access Beans affects IBM Host Access Transformation Services
Summary There is a vulnerability in IBM Host Access Beans 4 used by Host Access Transformation Services. Host Access Transformation Services has provided a fix for the applicable CVE. The CVE is listed as CVE-2021-38938. Vulnerability Details CVEID:CVE-2021-38938 DESCRIPTION: IBM Host Access...
Spring Tips: Beans, Beans: What's in a Spring bean?
Hi, Spring fans! In this installment we explore the essential Spring bean. What are they, how are they created, and what do they mean to you?...
Friday Squid Blogging: Vegan Squid-Ink Pasta
It uses black beans for color and seaweed for flavor. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Exploit for Deserialization of Untrusted Data in Apache Activemq
Active MQ CVE-2023-46604 exploit This repository is a guide w...
ai.platon.pulsar:pulsar-beans (>=1.12.0 <=2.1.0), ai.platon.pulsar:pulsar-filter (>=1.12.0 <=2.1.0) +2777 more potentially affected by CVE-2023-46120 via com.rabbitmq:amqp-client (>=1.7.2 <=5.17.1)
com.rabbitmq:amqp-client MAVEN version =1.7.2, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =1.12.0, =0.1, =1.0.4, =1.0.4, =0.1, =0.1, =1.0.8, =1.0.8, =3.0.0 and more Source cves: CVE-2023-46120 Source advisory: OSV:GHSA-MM8H-8587-P46H...
PT-2023-26743 · Oscore · Oscore
Name of the Vulnerable Software and Affected Versions: oscore versions 2.2.6 and below Description: The issue is related to a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability can be exploited by passing an unchecked argument to the...
WordPress SEO Alert 1.59 Cross Site Scripting
Tittle: WordPress Plugin SEO ALert 3. Save to get the XSS trigger. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/0af475ba-5c02-4f62-876d-6235a745bbd6...
SEO ALert <= 1.59 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Vanilla Beans » SEO Alert. 2. In "Slack...
7.19.0 < 7.19.3 Embedded Spring-Beans Denial Of Service
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...
Atlassian Confluence 7.13.9 < 7.13.12 Embedded Spring-Beans Denial Of Service
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...
SUSE CVE-2009-2085
The Security component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans E...
SUSE CVE-2009-2090
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions JMX Management Beans aka MBeans access restrictions, and cause a denial of service...