192 matches found
CVE-2018-16171
Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors...
Cybozu Remote Service Directory Traversal Vulnerability (CNVD-2019-07167)
Cybozu Remote Service is Cybozu's remote service management software for accessing Cybozu's internal systems. A directory traversal vulnerability exists in the 'client certificates registration' function in Cybozu Remote Service versions 3.0.0 through 3.1.8, which can be exploited to execute...
JVN#23161885: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169

Version| Vector| Score
---|---|---
CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8
CVSS v2|...
Sonatype Nexus Repository Manager Java Code Execution Vulnerability
Sonatype Nexus Repository Manager aka NXRM is a maven repository manager. A security vulnerability exists in Sonatype NXRM versions prior to 3.14. An attacker can exploit the vulnerability to execute code on the server...
GHSA-J8G6-2WH7-6439 Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...
spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...
Apache Tika 1.9 - 1.13 Java Code Execution Vulnerability
Apache Tika is prone to an arbitrary Java code execution vulnerability.
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2016-0378, CVE-2016-5983 and CVE-2016-5986)
Summary There are vulnerabilities in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite. Those issues were disclosed as part of the IBM WebSphere Application Server Liberty updates and it includes all vulnerabilities details. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for Multiplatforms
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by Financial Transaction Manager FTM for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services CPS for Multiplatforms. These issue...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Contract Management (CVE-2016-5983)
Summary The IBM Emptoris Contract Management product is affected by a vulnerability that exists in the IBM Websphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates. Vulnerability Details CVEID: CVE-2016-5983 DESCRIPTION:...
Security Bulletin: Potential security vulnerability in WebSphere Application Server MQ JCA Resource adapter (CVE-2016-0360)
Summary There is a potential security vulnerability with the WebSphere Application Server MQ JCA Resource adapter. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources whi...
Security Bulletin: Vulnerability in Apache Commons affects IBM MQ Appliance (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM MQ Appliance. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is...
CVE-2017-14589
CVE-2017-14589: Atlassian Bamboo is affected by a remote code execution issue caused by double OGNL evaluation in FreeMarker templates via Struts FreeMarker tags. Affected versions are Bamboo < 6.1.6 and 6.2.0 ≤ Bamboo
CVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...
Atlassian Bamboo REST Endpoint Remote Code Execution Vulnerability
Atlassian Bamboo is a suite of continuous integration build tools from Atlassian Australia. The tool helps development teams build, test, release and deploy projects using continuous delivery capabilities. REST endpoint is one of the REST endpoints. A security vulnerability exists in the REST...
CVE-2017-9514
CVE-2017-9514 affects Atlassian Bamboo. A REST endpoint could parse YAML and did not adequately restrict loaded classes, enabling an authenticated user to execute Java code on vulnerable Bamboo versions. Affected ranges: 6.0.x before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1. Remediation ...
CVE-2017-9514
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on...