36 matches found
EUVD-2012-2635
Malware in sbrugna...
EUVD-2014-2031
Malware in sbrugna...
EUVD-2014-7112
Malware in sbrugna...
EUVD-2025-6370
Malicious code in bioql PyPI...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...
CVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
Unauthorized access to Class instance in Jinjava
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
Arbitrary file deletion
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
CVE-2020-12668
This entry concerns Jinjava prior to version 2.5.4 where callers can trigger access to arbitrary Java classes by invoking methods on objects supplied in the Jinjava context. The underlying issue is misuse of the application class loader, enabling scenarios like Arbitrary File Disclosure. Public r...
GHSA-H6RP-8V4J-HWPH Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE
Name| jboss6jmxinvokerservletdeserialize ---|--- CVE| CVE-2015-7501 Exploit Pack| CANVAS Description| jboss6jmxinvokerservletdeserialize Notes| CVE Name: CVE-2015-7501 VENDOR: Red Hat NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0...
CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...
Design/Logic Flaw
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...
CVE-2015-0297
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the 1 ServerInvokerServlet or 2 SchedulerService or 3 cause a denial of service disk consumption via the ContentManager...
RichFaces: Remote Command Execution via insufficient EL parameter sanitization
It was found that the 'do' parameter permitted expression language EL injection, which could allow a remote attacker to execute Java methods on an affected server...
CVE-2014-7241
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document...
CVE-2014-7241
The CVE-2014-7241 issue affects the TSUTAYA App for Android (versions 5.3 and earlier). A vulnerability allows a remote attacker to cause arbitrary Java method execution by presenting a crafted HTML document. This is documented across multiple sources (NVD, CNVD, JVN) and is mitigated by updating...
Google Appliance ProxyStyleSheet Command Execution
No description provided by source. $Id: googleproxystylesheetexec.rb 9653 2010-07-01 23:33:07Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
CVE-2014-0003
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...