EUVD-2022-3922

Malicious code in bioql PyPI...

GHSA-G7WM-22M6-5774 Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

Asset Pipeline plugin for Grails vulnerable to Path Traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader

A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVE-2018-17605

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

Directory traversal

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

CVE-2018-17605

CVE-2018-17605 affects the Asset Pipeline plugin for Grails (versions before 3.0.4). A directory traversal flaw exists when a servlet-based application runs in Jetty, due to a classloader vulnerability that enables a reverse file traversal path via AssetPipelineFilter.groovy or AssetPipelineFilte...

CVE-2018-17605

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...

Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Web Interface for Content Management (WEBi)

Summary Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and...

Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator

Summary Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability CVE-2014-0114 in IBM Content Navigator Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Open Source Apache Struts V1 ClassLoader manipulation vulnerability CVSS Base Score: 7.5 CVSS Temporal Scor...

Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution',...

Reproduce Struts1 manipulation of the classLoader vulnerability-vulnerability warning-the black bar safety net

Note: this article is only limited technical research, explore, test use. 2 0 1 4 year 4 month 2 9 day burst of struts may be to manipulate the classLoader vulnerability across the struts1 and struts2 all versions. The impact and the severity of the problem can be almost and the heartbleed...

[ANN][SECURITY] Struts 1 - CVE-2014-0114 -Mitigation Advice Available, Possible RCE Impact

As confirmed in our last announcement, the Apache Struts 1 framework in all versions is affected by a ClassLoader manipulation vulnerability CVE-2014-0114 similar to a recently fixed vulnerability in Struts 2 CVE-2014-0112, CVE-2014-0094 1. Thanks to the efforts of Alvaro Munoz and the HP Fortify...

CVE-2010-4351

The JNLP SecurityManager in IcedTea IcedTea.so 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...