CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVE-2018-10054

CVE-2018-10054 describes an RCE in H2 Database via the CREATE ALIAS mechanism. The issue affects H2 1.4.197 as used in Datomic before 0.9.5697 and other products, enabling remote code execution by an attacker with a crafted alias. Public references note exploit activity and Java code execution vi...

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

Remote Code Execution (RCE)

jolokia-jsr160 is vulnerable to remote code execution RCE attacks. The application does not restrict access to the server in proxy mode, allowing a malicious user to inject and execute arbitrary Java code...

Design/Logic Flaw

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2018-1000130

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

Code injection

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

SoapUI 5.3.0 Code Execution

Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced API Tests with ease. Homepage: https://www.soapui.org...

CVE-2017-16861

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is...

Design/Logic Flaw

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is...

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

CVE-2017-8046

CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. Recent assessments: Assessed Attacker Value: 0...