13 matches found
EUVD-2018-11220
Malware in sbrugna...
EUVD-2018-11219
Malware in sbrugna...
Remote Code Execution (RCE)
HTTL is vulnerable to remote code execution RCE. The attack exists because of the unsafe use of java.beans.XMLEncoder without the xml.codec being set...
Remote Code Execution (RCE)
HTTL is vulnerable to remote code execution RCE. The vulnerability is due to the unsafe use of XStream in the function decodeXml with xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
Command injection
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
Command injection
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19531
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...
CVE-2018-19530
HTTL (Hyper-Text Template Language)
CVE-2018-19530
HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...