CVE-2012-4387

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

Code injection

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

CVE-2012-4387

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

EUVD-2022-4209

Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...

CVE-2012-4387

CVE-2012-4387 is an Apache Struts DoS vulnerability: remote attacker can cause CPU exhaustion by sending a long parameter name that is processed as an OGNL expression. The issue affects Struts 2.0.0–2.3.4. In the connected IBM advisories, remediation centers on upgrading IBM Sterling Order Manage...

DEBIAN-CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

Design/Logic Flaw

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...

CVE-2012-2573

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2585

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 the Cascading Style Sheets CSS expression property in conjunction with a CSS comment within the STYLE attribute of an IMG...

CVE-2012-2584

Multiple cross-site scripting XSS vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 the Cascading Style Sheets CSS expression property in conjunction with a CSS comment within the STYLE attribute of an IMG...

SuSE Update for seamonkey openSUSE-SU-2012:0007-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201200071.nasl 8253 2017-12-28 06:29:51Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0007-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

SuSE Update for seamonkey openSUSE-SU-2012:0039-1 (seamonkey)

Check for the Version of seamonkey OpenVAS Vulnerability Test $Id: gbsuse201200391.nasl 8267 2018-01-02 06:29:17Z teissa $ SuSE Update for seamonkey openSUSE-SU-2012:0039-1 seamonkey Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

openSUSE: Security Advisory for seamonkey (openSUSE-SU-2012:0007-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. CVE-2008-3905 Ruby's XML document parsing module REXML was prone to a denial of service...

Scientific Linux Security Update : perl on SL5.x i386/x86_64

A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl. CVE-2007-5116 %NASLMINLEVEL 70300 C Tenable Network...