Airspan Networks Mmp Code Issue Vulnerability
Airspan Networks Mmp is an advanced standalone network management software platform for Mimosa fixed wireless devices from Airspan Networks, U.S. Airspan Networks Mmp is vulnerable to a code issue that could be exploited by an attacker to pass specially crafted data to the application and create...
CVE-2022-21724 Unchecked Class Instantiation when providing Plugin Classes
pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. A system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based o...
GHSA-V7WG-CPWC-24M4 pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
Impact: pgjdbc instantiates plugin instances based on class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory, sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected interface before...
xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.*
A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to confidentiality,...
CVE-2020-4877
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized modifications by using public fields in public classes. IBM X-Force ID: 190843...
CVE-2020-4877
The CVE-2020-4877 issue affects IBM Cognos Controller 10.4.0, 10.4.1 and 10.4.2, where public fields in public classes could be misused by an attacker to cause unauthorized modifications. The underlying root cause is an authorization issue that stems from not applying proper permissions to public ...
CVE-2018-14718
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using slf4j classes. An attacker could use this flaw to execute arbitrary code...
GHSA-4H9C-V5VG-5M6M Access to restricted PHP code by dynamic static class access in smarty
Impact: Template authors could run restricted static PHP methods. Patches: Please upgrade to 3.1.40 or higher. References: See the documentation on Smarty security features on the static_classes access filter. For more information: If you have any questions or comments about this advisory please open ...
Access to restricted PHP code by dynamic static class access in smarty
Impact: Template authors could run restricted static PHP methods. Patches: Please upgrade to 3.1.40 or higher. References: See the documentation on Smarty security features on the static_classes access filter. For more information: If you have any questions or comments about this advisory please open ...
GSD-2021-1002477 net/sched: sch_ets: don't peek at classes beyond 'nbands'
net/sched: sch_ets: don't peek at classes beyond 'nbands'. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.83 by commit...
Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description: All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...
GHSA-74R6-GRJ9-8RQ6 Duplicate Advisory: Remote Code Execution in AjaxNetProfessional
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6r7c-6w96-8pvw. This link is maintained to preserve external references. Original Description: All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4py pythonic pure python RCE exploit for CVE-2021-44228 log...
Crafter CMS Code Execution Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A code execution vulnerability exists in Crafter CMS, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could modify the main...
CVE-2021-23758
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution...
CVE-2021-23758 Deserialization of Untrusted Data
All versions of package ajaxpro.2 are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary .NET classes, which can be abused to gain remote code execution...
Crafter CMS Security Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A code execution vulnerability exists in Crafter CMS, which stems from a web-based system or product that does not properly authenticate incoming data. An authenticated attacker could modify the main...
Open-xchange OX App Suite Code Injection Vulnerability
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A code injection vulnerability exists in Open-xchange OX App Suite, which can be exploited by attacker...