Lucene search
+L

1104 matches found

RedHat Linux
RedHat Linux
added 2011/07/18 8:32 p.m.8 views

JBoss Seam EL interpolation in exception handling

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

6.8CVSS6.2AI score0.02593EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/07/18 8:29 p.m.4 views

JBoss Seam EL interpolation in exception handling

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

6.8CVSS6.2AI score0.02593EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/07/18 8:15 p.m.7 views

JBoss Seam EL interpolation in exception handling

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

6.8CVSS6.2AI score0.02593EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/04/20 7:48 p.m.5 views

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

6.8CVSS6.2AI score0.02286EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/04/20 7:46 p.m.4 views

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

6.8CVSS6.2AI score0.02286EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/04/20 7:35 p.m.10 views

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

6.8CVSS6.2AI score0.02286EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/04/20 7:33 p.m.4 views

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

6.8CVSS6.2AI score0.02286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2010/08/04 12:0 a.m.7 views

PT-2010-1176 · Red Hat · Jboss Seam 2 +1

Name of the Vulnerable Software and Affected Versions: JBoss Seam 2 versions 2.0 through 2.3 JBoss Enterprise Application Platform version 4.3.0 Description: The issue is related to the improper sanitization of inputs for JBoss Expression Language EL expressions in JBoss Seam 2, which can be...

8.8CVSS9.8AI score0.83397EPSS
Exploits8References19
RedHat Linux
RedHat Linux
added 2010/07/27 12:51 p.m.7 views

Seam2: Improper sanitization of parametrized JBoss EL expressions (ACE)

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language EL expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...

8.8CVSS7.8AI score0.83397EPSS
Exploits8References5
NVD
NVD
added 2010/05/27 7:0 p.m.25 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

4.3CVSS5.9AI score0.01502EPSS
Exploits2References2
NVD
NVD
added 2010/05/27 7:0 p.m.27 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS5.9AI score0.02118EPSS
Exploits1References2
OSV
OSV
added 2010/05/27 7:0 p.m.7 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

6AI score
Exploits0References2
OSV
OSV
added 2010/05/27 7:0 p.m.6 views

DEBIAN-CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

4.3CVSS6.3AI score0.01502EPSS
Exploits2References1
Prion
Prion
added 2010/05/27 7:0 p.m.24 views

Cross site scripting

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS6.3AI score0.02118EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2010/05/27 6:32 p.m.48 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

4.3CVSS5.8AI score0.01502EPSS
Exploits2
CVE
CVE
added 2010/05/27 6:32 p.m.94 views

CVE-2010-2086

Affected software: Apache MyFaces 1.1.7 and 1.2.8 (as used in IBM WebSphere Application Server and other apps). Vulnerability : Unencrypted view state handling allows remote attackers to perform cross-site scripting (XSS) or execute arbitrary EL statements by modifying the serialized view object....

4CVSS6AI score0.02118EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.38 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

5.9AI score0.02118EPSS
Exploits1References2
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.28 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

5.9AI score0.01502EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2010/02/23 8:20 p.m.5 views

MyFaces: XSS via state view

JBoss Enterprise Web Server 1.0.0 ships with Apache MyFaces 1.1.0. Apache MyFaces 1.1.0 does not support encrypted view state. When the application's view state is not encrypted, it is possible for an attacker to supply a new or modified view object as part of a request. This allows remote...

4CVSS5.9AI score0.02118EPSS
Exploits1References4
OSV
OSV
added 2009/04/09 3:8 p.m.4 views

DEBIAN-CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

6.8CVSS5.8AI score0.02811EPSS
Exploits0References1
Rows per page
Query Builder