71 matches found

Tenable Nessus
added 2014/05/19 12:0 a.m. · 36 views

Mandriva Linux Security Advisory : struts (MDVSA-2014:095)

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...

CVSS 7.5 · AI score 7.3 · EPSS 0.95821
Exploits 4 · References 2

Mageia
added 2014/05/14 10:13 p.m. · 113 views

Updated struts packages fix CVE-2014-0114

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...

CVSS 7.5 · AI score 9.2 · EPSS 0.95821
Exploits 4 · References 2

RedHat Linux
added 2014/05/14 7:7 p.m. · 5 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 · AI score 7.1 · EPSS 0.95821
Exploits 4 · References 4

OpenVAS
added 2014/05/12 12:0 a.m. · 36 views

CentOS Update for struts CESA-2014:0474 centos5

Check for the Version of struts OpenVAS Vulnerability Test CentOS Update for struts CESA-2014:0474 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...

CVSS 7.5 · AI score 7.6 · EPSS 0.95821
Exploits 4 · References 2

OSV
added 2014/04/30 10:49 a.m. · 4 views

DEBIAN-CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 · AI score 7.7 · EPSS 0.95821
Exploits 4 · References 1

OSV
added 2014/04/30 10:49 a.m. · 3 views

UBUNTU-CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 · AI score 7.2 · EPSS 0.95821
Exploits 4 · References 4

UbuntuCve
added 2014/03/11 1:0 p.m. · 71 views

CVE-2014-0094

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...

CVSS 5 · AI score 7.2 · EPSS 0.99614
Exploits 7 · References 2

Prion
added 2012/02/24 1:55 p.m. · 23 views

Directory traversal

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php...

CVSS 5 · AI score 7.2 · EPSS 0.09794
Exploits 2 · References 1 · Affected Software 1

Prion
added 2008/04/23 1:5 p.m. · 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this...

CVSS 4.3 · AI score 6 · EPSS 0.01211
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2006/09/19 12:0 a.m. · 7 views

PT-2006-5603 · Hitweb · Hitweb

Name of the Vulnerable Software and Affected Versions: Hitweb versions 3.0 Description: The issue concerns remote file inclusion vulnerabilities in Hitweb 3.0, allowing remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the REP CLASS parameter to various PHP...

CVSS 7.5 · AI score 8.2 · EPSS 0.06292
Exploits 1 · References 6

NVD
added 2002/12/31 5:0 a.m. · 10 views

CVE-2002-2350

Cross-site scripting (XSS) vulnerability in zusershow.php in dbtreelistpropertymethod.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter...

CVSS 4.3 · AI score 5.7 · EPSS 0.00871
Exploits 1 · References 2