3 matches found
GHSA-MJ8X-CPR8-X39H Remote code execution in Apache Tapestry
A critical unauthenticated remote code execution vulnerability was found all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...
Information Disclosure
jboss-seam is vulnerable to information disclosure. The vulnerability exists as the property that controls the download of server classes was set to "true" in the "production" configuration. When the class download service is bound to an external interface, a remote attacker was able to download...
[Full-disclosure] JBoss jBPM 2.0: Remote code execution and classloader covert channel
Security Advisory: jBPM 2.0 Date: 06/22/05 URL: http://www.illegalaccess.org/java/jbpm.php " JBoss jBPM is a flexible, extensible workflow management system." jbpm.org Problem 1: Remote code execution possible with jBPM . This allows an attacker to trigger an arbitrary executable on the jBPM/ JBo...