12 matches found

RedhatCVE
added 2026/01/09 10:57 a.m. | 6 views

CVE-2022-38301

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib...

8.8 CVSS | 6.8 AI score | 0.01146 EPSS
Exploits 1 | References 1

OSV
added 2023/12/25 8:15 a.m. | 6 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.8 CVSS | 5.8 AI score | 0.42162 EPSS
Exploits 1 | References 2

ATTACKERKB
added 2023/12/25 8:15 a.m. | 3 views

CVE-2022-34267

An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...

9.8 CVSS | 7.3 AI score | 0.42162 EPSS
Exploits 1 | References 3

ATTACKERKB
added 2022/09/14 9:15 p.m. | 4 views

CVE-2022-38301

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib...

8.8 CVSS | 5.8 AI score | 0.01146 EPSS
Exploits 1 | References 3

CNNVD
added 2022/09/14 12:0 a.m. | 4 views

Theonedev Onedev Path Traversal Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A path traversal...

8.8 CVSS | 7.9 AI score | 0.01146 EPSS
Exploits 1 | References 3

Gitee
added 2021/10/15 4:27 p.m. | 5 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.1 Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink system, which can lead to arbitrary command execution and reverse shell. Affected...

9.1 CVSS | 7.5 AI score | 0.97856 EPSS
Exploits 14

Gitee
added 2021/10/05 9:50 p.m. | 9 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.x Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink server, which can lead to arbitrary command execution and reverse shell. The affected...

9.1 CVSS | 7.4 AI score | 0.97856 EPSS
Exploits 14

Gitee
added 2021/08/15 11:41 p.m. | 4 views

POChouse

Based on the provided context, here is a summary of the analysis: Classification: Apache Flink 1.9.x has a vulnerability that allows for arbitrary command execution and reverse shell through malicious JAR package upload. Affected Version: = 1.9.1 POC: The proof-of-concept POC code is written in...

9.1 AI score
Exploits 0

Metasploit
added 2021/02/23 5:41 p.m. | 61 views

Apache Flink JAR Upload Java Code Execution

This module uses job functionality in Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2 on Ubuntu...

7.8 AI score
Exploits 0

0day.today
added 2021/02/23 12:0 a.m. | 28 views

Apache Flink JAR Upload Java Code Execution Exploit

This Metasploit module uses job functionality in the Apache Flink dashboard web interface to upload and execute a JAR file, leading to remote execution of arbitrary Java code as the web server user. This module has been tested successfully on Apache Flink versions: 1.9.3 on Ubuntu 18.04.4; 1.11.2...

8.1 AI score
Exploits 0

Packet Storm
added 2021/02/23 12:0 a.m. | 199 views

Apache Flink JAR Upload Java Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink JAR Upload Java Code Execution', 'Description' = %q This module uses job functionality in Apache Flink dashboard web interface to...

0.5 AI score
Exploits 0

CNVD
added 2019/11/14 12:0 a.m. | 1 views

Apache Flink Arbitrary Jar Package Upload Leads to Remote Code Execution Vulnerability

Apache Flink is an open source stream processing framework developed by the Apache Software Foundation; its core is a distributed streaming dataflow engine written in Java and Scala. Flink executes arbitrary streaming data programs in a data-parallel and pipelined manner. Flink's pipeline runtime...

8.6 AI score
Exploits 0 | References 1