9190 matches found
Richfaces 3.x Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to...
Richfaces 3.x Remote Code Execution
Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...
Design/Logic Flaw
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...
CVE-2018-16621
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection...
Centreon Cross-Site Scripting Vulnerability (CNVD-2019-00831)
Centreon formerly known as Merethis Centreon is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A cross-site scripting...
CVE-2018-19280
Centreon 3.4.x fixed in Centreon 18.10.0 has XSS via the resource name or macro expression of a poller macro...
CVE-2018-19280
Centreon 3.4.x fixed in Centreon 18.10.0 has XSS via the resource name or macro expression of a poller macro...
Design/Logic Flaw
Centreon 3.4.x fixed in Centreon 18.10.0 has XSS via the resource name or macro expression of a poller macro...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Denial Of Service (DoS)
OpenSymphony XWork is vulnerable to denial of service. Object-Graph Navigation Language OGNL expressions are recursively evaluated when altSyntax is enabled. A remote attacker is able to submit a crafted input to cause an infinite loop which results in a denial of service condition. This...
openSUSE: Security Advisory for python (openSUSE-SU-2018:3703-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PostAuth EPA scan is not initiated with Advance session policies, however works with Classic policies
If the session profile is bound to the session profile with classic expression the EPA scan is initiated the client machine is checked for the EPA checks. If you use advance expression to bind session profile to the session policy, the EPA check will not be initiated and the users will be...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces Expression Language Injection Vulnerability
RichFaces Framework is an open source JSF component framework. A security vulnerability exists in RichFaces Framework versions 3.X through 3.3.4. A remote attacker can exploit the vulnerability to execute arbitrary code...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Code injection
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language EL injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData...