23 matches found
Deserialization Of Untrusted Data
Apache Jackrabbit Core and Apache Jackrabbit JCR Commons are vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to the acceptance of untrusted JNDI URIs for JCR lookup, which allows an attacker to inject malicious JNDI references that trigger deserialization of untrusted...
EUVD-2013-6537
Malware in sbrugna...
EUVD-2015-1992
Malware in sbrugna...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JCR lookup functionality. An attacker can execute arbitrary code by injecting malicious JNDI references that are deserialized when untrusted JNDI URIs are accepted. JNDI URIs can be...
CrafterCMS Security Vulnerability
CrafterCMS is a Java-based CMS from CrafterCMS, Inc. A security vulnerability exists in CrafterCMS versions 4.0.0 through 4.2.2 that stems from a Groovy sandbox bypass resulting in OS commands that can be executed by certified developers...
UJCMS Code Injection Vulnerability
UJCMS is a Java open source content management system from dromara open source. A code injection vulnerability exists in UJCMS version 9.7.5, which originates from cross-site scripting of the uploadZip/upload function in the File Upload component and could lead to a remote attack...
UJCMS Security Vulnerability
UJCMS is a Java open source content management system from dromara open source. A security vulnerability exists in UJCMS version 9.6.3, which stems from insufficient cleanup of embedded attributes in uploaded SVG files, and a stored Cross-Site Scripting XSS vulnerability that could allow an...
Adobe InDesign Cross-Site Scripting Vulnerability
Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...
Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader
Apache Sling JCR ContentLoader is an open source web framework for the Java platform from the Apache Software Foundation in the United States. The framework supports creating content-oriented applications on a JCR (Java Content Repository) content repository. XmlReader is one of the...
JEECMS Resource Module Exploits Arbitrary File Upload Vulnerability
JEECMS is a domestic open source web content management system written in Java (Java CMS, or JSP CMS for short). An arbitrary file upload vulnerability exists in a function of the JEECMS product back end, allowing attackers to take advantage of the vulnerability to upload arbitrary files...
CVE-2015-1887
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository JCR information via a crafted request...
CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository JCR information via a modified Web...
Code injection
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository JCR information via a modified Web...
CVE-2013-6735
CVE-2013-6735 affects IBM Web Content Manager (WCM). The connected sources confirm an XPath-injection vulnerability in WCM LIBRARY parameter that allows an unauthenticated attacker to manipulate requests and potentially extract sensitive configuration/JCR data from vulnerable WCM installations (v...
Oracle Linux 4 / 6 : thunderbird (ELSA-2011-0374)
From Red Hat Security Advisory 2011:0374 : An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Thunderbird is a...
Scientific Linux Security Update : thunderbird on SL4.x, SL5.x, SL6.x i386/x86_64
This erratum blacklists a small number of HTTPS certificates. BZ689430 This update also fixes the following bug : - Previous security updates introduced a regression, preventing some Java content and plug-ins written in Java from loading. With this update, the Java content and plug-ins work as...
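Excellent domestic JAVA (JSP) website content management system: FCK upload vulnerability
Brief description: Excellent domestic JAVA/JSP website content management system: FCK upload vulnerability. Details: Vulnerable URL: www.域名/thirdparty/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp Proof of vulnerability: FCK vulnerability URLs of websites using the JEECMS system: 1. China Logistics Information Center: http://www.clic.org.cn/...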
RedHat Update for thunderbird RHSA-2011:0374-01
Check for the Version of thunderbird. OpenVAS Vulnerability Test: RedHat Update for thunderbird RHSA-2011:0374-01. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
CentOS Update for thunderbird CESA-2011:0374 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 4 : thunderbird (CESA-2011:0374)
An updated thunderbird package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Mozilla Thunderbird is a standalone mail and newsgroup client. This...