Lucene search

9085 matches found

Prion
added 2012/03/02 10:55 p.m. | 14 views

Design/Logic Flaw

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

CVSS 10 | AI score 7.6 | EPSS 0.11109
Exploits 0 | References 4 | Affected Software 1

CVE
added 2012/03/02 10:0 p.m. | 97 views

CVE-2012-0838

CVE-2012-0838 affects Apache Struts 2 before 2.2.3.1, where an OGNL expression is evaluated during a conversion error, enabling a remote attacker to modify run-time data values and potentially execute arbitrary code. IBM security bulletins for Order Management (and related advisories) confirm the...

CVSS 10 | AI score 7.1 | EPSS 0.11109
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2012/03/02 10:0 p.m. | 21 views

CVE-2012-0838

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field...

AI score 9.6 | EPSS 0.11109
Exploits 0 | References 4

myhack58
added 2012/02/21 12:0 a.m. | 11 views

DirCMS arbitrary file read 0day-vulnerability warning-the black bar safety net

Feel time really flies really fast, the computer opened an off day is gone. Can't go on like this, so I'm going to take some time to write the blog and learning, recording their growth. Whether it be a programmer, or a security engineer, reading someone else's code is undoubtedly progress in a...

AI score 7.5
Exploits 0

OpenVAS
added 2012/02/21 12:0 a.m. | 18 views

RedHat Update for boost RHSA-2012:0305-03

Check for the Version of boost OpenVAS Vulnerability Test RedHat Update for boost RHSA-2012:0305-03 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS 5 | AI score 6.3 | EPSS 0.0337
Exploits 1 | References 2

Japan Vulnerability Notes
added 2012/02/10 5:29 a.m. | 1 views

Apache Struts 2 vulnerable to an arbitrary Java method execution

Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...

CVSS 10 | AI score 7.1 | EPSS 0.11109
Exploits 0 | References 7

Japan Vulnerability Notes
added 2012/02/10 12:0 a.m. | 29 views

JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution

Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...

CVSS 10 | AI score 9.5 | EPSS 0.11109
Exploits 0

Tenable Nessus
added 2012/02/06 12:0 a.m. | 109 views

Apache Struts 2 ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution

The remote web application appears to use Apache Struts 2, a web framework that uses XWork. Due to a flaw in the ParameterInterceptor class, user input is not properly sanitized, which allows a remote attacker to run arbitrary Java code on the remote host by sending a specially crafted HTTP...

CVSS 9.8 | AI score 8.7 | EPSS 0.91054
Exploits 16 | References 3

RedHat Linux
added 2012/02/02 10:17 p.m. | 3 views

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

CVSS 6.8 | AI score 6.2 | EPSS 0.01022
Exploits 0 | References 4

Tenable Nessus
added 2012/01/25 12:0 a.m. | 32 views

Ubuntu 11.10 : thunderbird vulnerabilities (USN-1343-1)

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as t...

CVSS 10 | AI score 8.7 | EPSS 0.75876
Exploits 11 | References 6

Ubuntu
added 2012/01/24 2:8 p.m. | 67 views

USN-1343-1: Thunderbird vulnerabilities

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as t...

CVSS 10 | AI score 8.7 | EPSS 0.75876
Exploits 11 | References 1

NVD
added 2012/01/19 3:55 p.m. | 13 views

CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file...

CVSS 9.3 | AI score 6.2 | EPSS 0.0403
Exploits 0 | References 13

Prion
added 2012/01/19 3:55 p.m. | 14 views

Design/Logic Flaw

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file...

CVSS 9.3 | AI score 6.7 | EPSS 0.0403
Exploits 0 | References 13 | Affected Software 2

Cvelist
added 2012/01/19 3:0 p.m. | 21 views

CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file...

AI score 6 | EPSS 0.0403
Exploits 0 | References 13

ThreatPost
added 2012/01/15 11:11 p.m. | 7 views

White House Wades into Piracy Legislation Debate

Officials with the Obama administration said the White House will not support anti-piracy bills that endanger cybersecurity or freedom of expression on the Web. In a post Saturday on the White House blog, three top technology officials for the administration – Victoria Espinel, intellectual...

AI score 0.4
Exploits 0 | References 3

Tenable Nessus
added 2012/01/10 12:0 a.m. | 59 views

Cisco Regular Expression Processing DoS

On September 19, 2007, Cisco released a security response for a denial of service vulnerability in the regular expression processing in IOS. Exploitation of this vulnerability could result in a denial of service crash and reload. This plugin checks if the appropriate fix for the advisory has been...

CVSS 5 | AI score 5.3 | EPSS 0.26968
Exploits 0 | References 3

The Hacker News
added 2012/01/09 7:28 p.m. | 8 views

Finnish ISP is blocking the Pirate Bay, Anonymous stand for Freedom of Expression !

Finnish ISP is blocking the Pirate Bay, Anonymous stand for Freedom of Expression ! Anonymous has urged its followers to target Finnish anti-piracy body the Copyright Information and Anti-Piracy Centre CIAPC after it persuaded the Helsinki District Court to force one of the country's biggest ISPs...

AI score 6.6
Exploits 0

Tenable Nessus
added 2012/01/09 12:0 a.m. | 29 views

Ubuntu 11.04 / 11.10 : firefox vulnerabilities (USN-1306-1)

Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the...

CVSS 10 | AI score 8.5 | EPSS 0.75876
Exploits 11 | References 6

Tenable Nessus
added 2012/01/09 12:0 a.m. | 30 views

Ubuntu 11.04 / 11.10 : mozvoikko, ubufox update (USN-1306-2)

USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longs...

CVSS 10 | AI score 8.6 | EPSS 0.75876
Exploits 11 | References 6

canvas
added 2012/01/08 3:55 p.m. | 68 views

Immunity Canvas: STRUTSCODEINJECTION

Name| strutsCodeInjection ---|--- CVE| CVE-2012-0394 Exploit Pack| CANVAS Description| Struts Code Injector Notes| CVE Name: CVE-2012-0394 VENDOR: Apache Notes: CVE-2012-0394 - Struts = 2.2.1.1 ExceptionDelegator When an exception occurs while applying parameter values to properties, the value is...

CVSS 6.8 | AI score 2 | EPSS 0.93572
Exploits 30