D-Link DNR-322L 安全漏洞

The D-Link DNR-322L is a surveillance memory from D-Link. A command injection vulnerability exists in D-Link DNR-322L version 2.60B15 and earlier, which stems from a data integrity failure in the backup configuration and can be exploited by an authenticated attacker to execute OS-level commands o...

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...