71 matches found
Mandriva Linux Security Advisory : struts (MDVSA-2014:095)
Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...
Updated struts packages fix CVE-2014-0114
Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...
1: Class Loader manipulation via request parameters
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CentOS Update for struts CESA-2014:0474 centos5
Check for the Version of struts OpenVAS Vulnerability Test CentOS Update for struts CESA-2014:0474 centos5 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
DEBIAN-CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
UBUNTU-CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0094
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method...
Directory traversal
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) class parameter to (a) methodTable.php, (b) code.php, and (c) details.php in browser/; and the (2) location parameter to browser/code.php. NOTE: the provenance of this...
PT-2006-5603 · Hitweb · Hitweb
Name of the Vulnerable Software and Affected Versions: Hitweb versions 3.0 Description: The issue concerns remote file inclusion vulnerabilities in Hitweb 3.0, allowing remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the REP CLASS parameter to various PHP...
CVE-2002-2350
Cross-site scripting (XSS) vulnerability in zusershow.php in dbtreelistpropertymethod.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter...