
9162 matches found

CNVD
added 2017/09/07 12:0 a.m. | 3 views

Apache Struts2 S2-053 Remote Code Execution Vulnerability

Struts2 is an open-source, MVC-based web application framework maintained by the Apache Software Foundation. Apache Struts2 suffers from the S2-053 remote code execution vulnerability, which allows an attacker to remotely execute code when a...

CVSS: 9.8 | AI score: 10 | EPSS: 0.94228
Exploits: 6 | References: 1

Prion
added 2017/09/06 9:29 p.m. | 15 views

Design/Logic Flaw

The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01127
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2017/09/06 6:29 a.m. | 33 views

Regular Expression Denial Of Service (ReDoS) Via Parsing Cookies

tough-cookie is vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability exists because the COOKIE_PAIR regular expression used to parse cookies allows unlimited repetitions when matching input characters. By using a large cookie string, attackers can make the process...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.03942
Exploits: 0 | References: 10 | Affected Software: 1

myhack58
added 2017/09/04 12:0 a.m. | 23 views

On the high-risk vulnerabilities in the history of Struts2 - vulnerability warning - the black bar safety net

Apache Struts2 is one of the world's most popular Java web frameworks and is widely used in education, finance, Internet, communications and other important industries. Exploitation of its high-risk vulnerabilities can cause significant Internet security risks and huge economic losses. This article is...

AI score: 7.3
Exploits: 0

Check Point Advisories
added 2017/08/29 12:0 a.m. | 2 views

HPE Intelligent Management Center multiple Expressions Language Injection (CVE-2017-12500; CVE-2017-12526)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of the beanName request parameter on ictExpertDownload.xhtml and on wmiConfigContent.xhtml. A remote, authenticated attacker can exploit this vulnerabilit...

CVSS: 9 | AI score: 2.4 | EPSS: 0.09189
Exploits: 5

Tenable Nessus
added 2017/08/18 12:0 a.m. | 18 views

openSUSE Security Update : fossil (openSUSE-2017-949)

This update for fossil to version 2.3 fixes the following issues: - Potential XSS vulnerability on the /help webpage (boo#1053267). This update also contains all upstream improvements and fixes in version 2.3: - Update internal Unicode character tables, used in regular expression handling, from...

AI score: 5.4
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 25 views

Hewlett Packard Enterprise Intelligent Management Center smsRulesDownload Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.7 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 24 views

Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.2 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 28 views

Hewlett Packard Enterprise Intelligent Management Center select Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.3 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 21 views

Hewlett Packard Enterprise Intelligent Management Center customTemplateSelect Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.4 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 25 views

Hewlett Packard Enterprise Intelligent Management Center sshConfig Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 29 views

Hewlett Packard Enterprise Intelligent Management Center saveSelectedInterfaces Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.2 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 31 views

Hewlett Packard Enterprise Intelligent Management Center compareFilesResult Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.2 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 20 views

Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.2 | EPSS: 0.03237
Exploits: 0 | References: 1

CNVD
added 2017/08/11 12:0 a.m. | 2 views

IdentityServer3 authorize response page cross-site scripting vulnerability

IdentityServer3 is a .NET-based access control plug-in for Web applications. A cross-site scripting vulnerability in the Angular expression of the IdentityServer3 authorize response page allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be use...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00233
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 23 views

Hewlett Packard Enterprise Intelligent Management Center deviceSelect Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.1 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 27 views

Hewlett Packard Enterprise Intelligent Management Center operationSelect Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 23 views

Hewlett Packard Enterprise Intelligent Management Center iccSelectDeviceSeries Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.3 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 22 views

Hewlett Packard Enterprise Intelligent Management Center faultEventSelectFactWithRecover Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 2.8 | EPSS: 0.03237
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/08/11 12:0 a.m. | 20 views

Hewlett Packard Enterprise Intelligent Management Center dnd Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVSS: 9 | AI score: 3.3 | EPSS: 0.03237
Exploits: 0 | References: 1