3 matches found
JbossMQ Invocation Layer Deserialization Remote Code Execution (CVE-2017-12149; CVE-2017-7504)
An invocation layer deserialization vulnerability exists in Red Hat JBoss Seam Framework. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted file to the web application...
JBoss Seam 2 File Upload / Execute
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/http' require 'msf/core' class Metasploit3 'JBoss Seam 2 File Upload and Execute', 'Description' = %q Versions of the JBoss Seam 2 framework 'vulp1n3 ' ...
Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)
An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities XXE from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...