182 matches found
CVE-2017-4971
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...
CVE-2017-4971
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default i.e., set to 'false' can be vulnerable to malicious EL expressions in view states that process form...
Pivotal Spring Web Flow Security Bypass Vulnerability(CVE-2017-4971)
Author: iswin@ThreatHunter A. Vulnerability description This vulnerability is in year 6 at the beginning has just been submittedtransfer Gate, the official and there is no detailed information, by the official Description and a patch of the contrast, we can roughly infer should be the Spring Web...
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis-vulnerability warning-the black bar safety net
Spring severe of these vulnerabilities have traditionally not too much, before the more serious that problem is Spring's JavaBean automatic binding function, the result can be control class, which can lead to the use of certain characteristics of the execution of arbitrary code, but that...
Pivotal Spring Web Flow Remote Code Execution Vulnerability
Pivotal Spring Web Flow is a web application from Pivotal Software, Inc. that provides navigation for check-in, loan application or shopping cart checkout. A remote code execution vulnerability exists in Pivotal Spring Web Flow versions 2.4.0 through 2.4.4. The vulnerability is caused due to a...
Data Binding Expression Vulnerability
Spring Web Flow is vulnerable to a data binding expression vulnerability. The vulnerability is possible because the MvcViewFactoryCreator useSpringBinding property is set to false by default. Therefore, the applications which use the default settings are vulnerable to malicious EL expressions in...
[SECURITY] Fedora 20 Update: castor-1.3.3-1.fc20
Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...
[SECURITY] Fedora 21 Update: castor-1.3.3-1.fc21
Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...
Internet Explorer Data Binding Memory Corruption
No description provided by source. $Id: ms08078xmlcorruption.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...
CVE-2012-1833
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...
Design/Logic Flaw
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...
CVE-2012-1833
The CVE-2012-1833 entry affects VMware SpringSource Grails before 1.3.8 and Grails 2.x before 2.0.2. The root cause is improper data binding restrictions, which could allow remote attackers to bypass access controls and modify arbitrary object properties through a crafted request parameter. No ex...
Microsoft Internet Explorer Data Binding Memory Corruption
$Id: ms08078xmlcorruption.rb 8445 2010-02-10 20:41:07Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Internet Explorer Data Binding Memory Corruption
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3...
US-CERT Technical Cyber Security Alert TA08-352A -- Microsoft Internet Explorer Data Binding Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-352A Microsoft Internet Explorer Data Binding Vulnerability Original release date: December 17, 2008 Last revised: -- Source: US-CERT Systems Affected Microsoft Internet Explorer Microsof...
Internet Explorer XML data binding memory corruption
Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...
Internet Explorer XML data binding memory corruption
Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...
Internet Explorer XML data binding memory corruption
Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...
Microsoft Internet Explorer data binding memory corruption vulnerability
Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...
CVE-2003-0809
Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page...