OESA-2023-1057 batik security update

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache...

Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike

CVE-2022-39197 RCE POC Reference Links https://mp...

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

DEBIAN-CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

CVE-2022-42890

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...

Apache XML Graphics Batik 代码问题漏洞

Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in Apache XML Graphics Batik versions prior to 1.16, which stems from a problem with Batik that allows an attacker to...

Apache XML Graphics Batik 代码问题漏洞

Apache XML Graphics Batik is a suite of Java-based applications from the Apache Foundation that are primarily used to process images in SVG format. A security vulnerability exists in versions of Apache XML Graphics prior to 1.16 that stems from a problem with Batik that allows an attacker to run...

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

Remote code execution

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVE-2022-30981

An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...

CVE-2022-30981

The provided Connected documents identify a concrete vulnerability: Gentics CMS prior to 5.43.1 is vulnerable to arbitrary data deserialization (via uploading a malicious ZIP file), which can potentially lead to Java code execution. The root cause is unsafe Java deserialization during ZIP upload....

CVE-2021-45983

NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution...

dotCMS allows remote authenticated users to execute arbitrary Java code

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted 1 XSLT or 2 Velocity template...

GHSA-42VG-Q6MW-CFH5 dotCMS allows remote authenticated users to execute arbitrary Java code

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted 1 XSLT or 2 Velocity template...

Restlet Arbitrary Java Code Execution via a serialized object

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...

Security Bulletin: Vulnerability in Apache Commons affects IBM Standards Processing Engine (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Standards Processing Engine. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system,...