CVE-2022-38745

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

CVE-2022-38745 Apache OpenOffice: Empty entry in Java class path

Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory...

Apache OpenOffice 安全漏洞

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A code issue vulnerability exists in Apache OpenOffice versions prior to 4.1.14, which stems from th...

CVE-2023-28725

General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...

CVE-2023-28725

General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...

VulnCheck KEV: CVE-2023-28725

General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in...

CVE-2023-28725

General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...

Atlassian Jira < 8.13.12 Server-Side Template Injection Vulnerability

According to its self-reported version number, the Atlassian Jira application running on the remote host is 8.13.12 or 8.14.x 8.19.1. It is, therefore, affected by a vulnerability that when using the Jira Service Management addon may allow remote attackers with JIRA Administrators access to execu...

Atlassian Jira 8.14.x < 8.19.1 Server-Side Template Injection Vulnerability

According to its self-reported version number, the Atlassian Jira application running on the remote host is 8.13.12 or 8.14.x 8.19.1. It is, therefore, affected by a vulnerability that when using the Jira Service Management addon may allow remote attackers with JIRA Administrators access to execu...

Important: batik

Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

Atlassian Confluence 6.14.x < 7.4.11 RCE Via OGNL Injection

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker...

Important: batik

Issue Overview: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

Atlassian Confluence 7.5.x < 7.11.6 RCE Via OGNL Injection

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker...

K13434228: Apache Struts vulnerability CVE-2012-0392

Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

K20127031: Apache Struts vulnerability CVE-2012-0391

Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...

SUSE CVE-2007-4575

HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...

SUSE CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

Oracle WebLogic Server ForeignOpaqueReference JNDI Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ForeignOpaqueReference class. The issue results from the lack of proper...

OESA-2023-1060 batik security update

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache...

OESA-2023-1057 batik security update

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache...