
78 matches found

CNVD
added 2021/12/23 12:0 a.m., 14 views

Lemon OA Cross-Site Scripting Vulnerability (CNVD-2021-103397)

Lemon OA is an open source office OA system developed in Java by the individual developer XuHuisheng. Lemon OA version V1.10.0 has a security vulnerability that originates from the potrtalItemName parameter in webPortalController.java. An attacker can use the vulnerability to execute...

CVSS 6.1, AI score 2.6, EPSS 0.0033
Exploits 1, References 1
CNVD
added 2021/11/30 12:0 a.m., 12 views

ZrLog Command Execution Vulnerability

ZrLog is a blogging system developed using the Java language. A command execution vulnerability exists in ZrLog version 2.2.2, which can be exploited by an attacker to upload a JSP file to obtain a WebShell...

CVSS 9.8, AI score 9.5, EPSS 0.04519
Exploits 1, References 1
CNVD
added 2021/05/06 12:0 a.m., 6 views

Apache Unomi Injection Vulnerability

Apache Unomi is an open source customer data platform from the Apache Software Foundation (United States). The platform is mainly written in Java. An injection vulnerability exists in Apache Unomi versions prior to 1.5.5. The vulnerability stems from the failure of a networked syst...

CVSS 7.5, AI score 7, EPSS 0.02937
Exploits 0, References 1
ThreatPost
added 2020/08/14 9:20 p.m., 2273 views

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Proof-of-concept exploit code surfaced on GitHub on Friday, raising the stakes on two existing Apache Struts 2 bugs that allow for remote code-execution and denial-of-service attacks on vulnerable installations. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding t...

CVSS 10, AI score 9.5, EPSS 0.94267
Exploits 59, References 10
CNVD
added 2018/12/04 12:0 a.m., 1 views

New NTLM Relay Vulnerability in Chrome, Java, Applications Running on Windows System Platforms

Java is an object-oriented programming language. Google Chrome is a fast, secure and free web browser. Chrome, Java, and applications running on the Windows system platform suffer from a new type of NTLM Relay vulnerability. NTLM authentication is a common authentication protocol in Microsoft Windo...

AI score 7
Exploits 0
Veracode
added 2016/12/12 8:44 a.m., 9 views

Denial Of Service (DoS)

esapi is vulnerable to denial of service (DoS) attacks. A malicious user can cause a denial of service by passing the number 2225073858507201 to the number validation parser. This is due to a flaw in the Java language...

AI score 6.2
Exploits 0
CNVD
added 2016/05/13 12:0 a.m., 1 views

LMCMS Backend Arbitrary File Upload Vulnerability

LMCMS (Leming CMS) is a web content management system written in Java, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under a commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...

AI score 7
Exploits 0
myhack58
added 2015/12/29 12:0 a.m., 22 views

Java serialization and deserialization and vulnerability remediation - vulnerability warning - the black bar safety net

Last week, network security personnel were once again dealt a blow by the underground industry: a high-risk Joomla 0-day vulnerability was exposed that can be triggered without requiring a user login. Before the official release of the upgraded version and the patch for the Joomla vulnerability, i...

AI score 0.4
Exploits 0
Kitploit
added 2015/11/11 10:32 a.m., 15 views

WAP - Web Application Protection

WAP is a source code static analysis and data mining tool that detects and corrects input validation vulnerabilities in web applications written in PHP version 4.0 or higher, with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI), Cross-site...

AI score 8.4
Exploits 0
Kitploit
added 2014/11/10 1:28 p.m., 13 views

Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications

WAP 2.0 is a source code static analysis and data mining tool that detects and corrects input validation vulnerabilities in web applications written in PHP version 4.0 or higher, with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI), Cross-si...

AI score 8.4
Exploits 0
Saint
added 2013/10/24 12:0 a.m., 44 views

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013; CVE: CVE-2013-2473; BID: 60623; OSVDB: 94336. Background: Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10, AI score 8.2, EPSS 0.30947
Exploits 4
RedHat Linux
added 2013/10/23 4:26 p.m., 1 views

JDK: java.lang.class code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

CVSS 9.3, AI score 6.2, EPSS 0.11999
Exploits 0, References 5
RedHat Linux
added 2013/10/23 4:26 p.m., 3 views

JDK: java.lang.ClassLoader defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

CVSS 9.3, AI score 6.2, EPSS 0.1445
Exploits 0, References 5
OSV
added 2013/02/08 7:55 p.m., 2 views

DEBIAN-CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...

CVSS 4, AI score 6.7, EPSS 0.00387
Exploits 0, References 1
RedHat Linux
added 2012/11/15 8:58 p.m., 0 views

JDK: java.lang.class code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

CVSS 9.3, AI score 6.2, EPSS 0.11999
Exploits 0, References 5
Saint
added 2011/05/05 12:0 a.m., 59 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011; CVE: CVE-2010-4452; BID: 46388; OSVDB: 71193. Background: Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10, AI score 9.6, EPSS 0.84896
Exploits 11
seebug.org
added 2010/10/08 12:0 a.m., 28 views

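Apache XML-RPC Information Disclosure Vulnerability

Apache XML-RPC is a Java implementation of the XML-RPC protocol. The Apache XML-RPC implementation has a design flaw that remote attackers may exploit to obtain sensitive information from the server. The SAX parser in Apache XML-RPC allows external resources to be included, and a malicious client may use this mechanism to include resources located on the server. Apache Group Apache XML-RPC 3.x Apache Group ------------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://ws.apache.org/xmlrpc/changes-report.htmla3.1.3...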

AI score 7.1
Exploits 0
RedHat Linux
added 2009/08/06 8:38 p.m., 1 views

JDK race condition vulnerability reflection checks

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."...

CVSS 9.3, AI score 6, EPSS 0.00517
Exploits 0, References 4