4 matches found
Command Injection
Apache Kylin is vulnerable to command injection. The vulnerability exists due to an insecure blacklist used to filter user input commands, which allows an attacker to inject arbitrary commands into the system...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure default blacklist which does not cover all the excluded XStream security framework...
Remote Code Execution (RCE)
xstream is vulnerable to remote code execution. The vulnerability exists due to the usage of an insecure blacklist which does not cover all the excluded XStream security framework...
Vulnerability in the WildFly Java application server that allows a hacker to read confidential files
The vulnerability in the WildFly Java application server relates to the use of an incomplete blacklist. Exploiting this vulnerability allows a malicious actor to read confidential files in the WEB-INF or META-INF directories by using a query containing lowercase characters or “meaningless”...