15 matches found
EUVD-2023-42476
Malicious code in bioql PyPI...
Expired Pointer Dereference
Overview org.lucee:lucee is a Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. Affected versions of this package are vulnerable to Expired Pointer Dereference via the scheduled task process. An authenticated attacker with an...
CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
CVE-2023-38693
Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...
CVE-2023-38693
Lucee Server or simply Lucee is a dynamic, Java based, tag and scripting language used for rapid web application development. The Lucee REST endpoint is vulnerable to RCE via an XML XXE attack. This vulnerability is fixed in Lucee 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173...
CVE-2023-38693
CVE-2023-38693 affects Lucee Server’s REST endpoint, where an XML XXE vulnerability in the REST handler enables remote code execution. The root cause is improper XML processing allowing external entities to be evaluated during parsing, leading to potential code execution with high impact (as per ...
Lucee 代码问题漏洞
Lucee is a high-performance open source CFML server written in Java by Lucee Open Source. A code issue vulnerability exists in Lucee versions 5.4.3.2, 5.3.12.1, 5.3.7.59, 5.3.8.236, and 5.3.9.173, which stems from an XML External Entity References attack and could lead to remote code execution...
VulnCheck KEV: CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
Lucee Authenticated Scheduled Job Code Execution Exploit
This Metasploit module can be used to execute a payload on Lucee servers that have an exposed administrative web interface. It's possible for an administrator to create a scheduled job that queries a remote ColdFusion file, which is then downloaded and executed when accessed. The payload is...
CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
Code injection
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
CVE-2021-21307
CVE-2021-21307 : Lucee Admin has an unauthenticated remote code execution vulnerability in Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. The issue is fixed in those versions; a workaround is to block access to the Lucee Administrator. Public exploitation templates (e.g., an unordere...
Lucee Server Authorization Issues Vulnerability
An authorization issue vulnerability exists in Lucee Server that arises from a lack of authentication measures or insufficient authentication strength in a network system or product...
CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...