37 matches found
EUVD-2014-7702
Malware in sbrugna...
EUVD-2015-0292
Malware in sbrugna...
EUVD-2022-2197
Malicious code in bioql PyPI...
EUVD-2022-5776
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2018-14667
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]
Summary IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system CVE-2013-4521. IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization CVE-2013-2165. IBM Security Verify Governance ...
GHSA-XFXV-F945-4QV6 JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a large number of malformed atmosphere push requests...
JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service memory consumption and out-of-memory error via a large number of malformed atmosphere push requests...
Remote code execution due to insecure deserialization
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization...
CVE-2015-0279: Expression Language Injection in FortiSIEM
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject expression language EL expressions and execute arbitrary Java code via the do parameter...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability (CNVD-2018-11847)
Red Hat JBoss RichFaces is the United States Red Hat Red Hat, Inc. of an open source JSF JavaServer Faces component library . The library provides built-in JavaScript and Ajax functionality . A security vulnerability exists in Red Hat JBoss RichFaces versions 4.5.3 through 4.5.17. A remote attack...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability
Red Hat JBoss RichFaces is the United States Red Hat Red Hat, Inc. of an open source JSF JavaServer Faces component library . The library provides built-in JavaScript and Ajax functionality . A security vulnerability exists in Red Hat JBoss RichFaces versions 3.1.0 through 3.3.4. A remote attacke...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
Design/Logic Flaw
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Design/Logic Flaw
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language EL expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language EL variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
CVE-2018-12533
CVE-2018-12533 affects Red Hat JBoss RichFaces 3.1.0–3.3.4, enabling unauthenticated attackers to inject EL expressions and execute arbitrary Java code via a /DATA/ path substring in a request containing a org.richfaces.renderkit.html.Paint2DResource$ImageData object (RF-14310). Public detail in ...