EUVD-2001-1208

Malware in sbrugna...

EUVD-2018-19637

Malware in sbrugna...

EUVD-2025-2571

Malicious code in bioql PyPI...

PT-2023-21033 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to an unauthenticated SQL injection in the GetRoomChanges method, allowing unauthenticated attackers to extract or modify all data. Recommendations: For versions...

PT-2022-25776 · Sap · Sap Basis

Name of the Vulnerable Software and Affected Versions: SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 Description: The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provid...

GHSA-77XX-RXVH-Q682 HyperSQL DataBase vulnerable to remote code execution when processing untrusted input

Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...

OPENSUSE-SU-2022:0108-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. bsc1194198, bsc1192052 - CVE-2021-3558...

CVE-2021-41035

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...

Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which affects DataQuant for z/OS

Summary An unspecified vulnerability has been identified in IBM Java Runtime that could affect DataQuant for z/OS. Vulnerability Details CVEID: CVE-2018-12547 CVSS Base Score: 9.8 DESCRIPTION: A widely used function in the OpenJ9 JVM is vulnerable to buffer overlows. Multiple Java Runtime...

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

DEBIAN-CVE-2018-1318

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server ATS 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrad...

Android WebView addJavascriptInterface Arbitrary Java Method Access

Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...

Android WebView addJavascriptInterface Arbitrary Java Method Access

Added: 02/11/2014 CVE: CVE-2013-4710 OSVDB: 97520 Background Android is a Linux-based operating system used primarily on touchscreen mobile devices such as smartphones and tablet computers. It was originally developed by Android Inc., but is now owned by Google. WebView is a sub-class of the...

Apache Struts ParametersInterceptor Remote Code Execution

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ParametersInterceptor Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 2.3.1.2. This issue is caused...

Struts2 vulnerability analysis of the Ongl code to perform the analysis-vulnerability warning-the black bar safety net

A, brief 2 0 1 0 year 7 on exploitdb broke the Struts2/XWork 2.2.0 Remote Command Execution Vulnerability action, can be called God-like vulnerability, an attacker would just construct the appropriate statement, there is a great chance to gain system permissions for System or root because tomcat ...

JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

No description provided by source. Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the...

Input validation

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET...

Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods

Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...