
513 matches found

Packet Storm
added 2011/05/11 12:0 a.m., 46 views

Apache Struts 2 Cross Site Scripting

Security Advisory: MVSA-11-006; CVE: CVE-2011-1772; Vendor: Apache Software Foundation; Product: Struts 2 Framework; Vulnerabilities: Multiple Reflected XSS in XWork error pages; Risk: High; Attack Vector: From Remote; Authentication: Not Required; References: -...

CVSS 2.6, AI score 0.2, EPSS 0.59227
Exploits: 3
exploitpack
added 2011/05/10 12:0 a.m., 21 views

Apache Struts 2.0.0 2.2.1.1 - XWork s:submit HTML Tag Cross-Site Scripting

Apache Struts 2.0.0 2.2.1.1 - XWork s:submit HTML Tag Cross-Site Scripting source: https://www.securityfocus.com/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Successful exploitation requires 'Dynamic...

AI score 6.7
Exploits: 0
RedHat Linux
added 2010/06/14 11:19 p.m., 4 views

OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

CVSS 7.5, AI score 5.9, EPSS 0.86987
Exploits: 5, References: 4
RedHat Linux
added 2010/04/01 2:56 a.m., 3 views

OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

CVSS 7.5, AI score 5.9, EPSS 0.86987
Exploits: 5, References: 4
RedHat Linux
added 2010/03/03 6:20 p.m., 1 views

OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...

CVSS 7.5, AI score 5.9, EPSS 0.86987
Exploits: 5, References: 4
OSV
added 2008/07/10 11:41 p.m., 1 views

DEBIAN-CVE-2008-3141

Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors...

CVSS 4.9, AI score 6.9, EPSS 0.00127
Exploits: 1, References: 1
Prion
added 2008/04/09 7:5 p.m., 16 views

Design/Logic Flaw

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725...

CVSS 7.5, AI score 7, EPSS 0.04664
Exploits: 1, References: 7, Affected Software: 1
NVD
added 2008/04/09 7:5 p.m., 17 views

CVE-2008-1656

Adobe ColdFusion 8 and 8.0.1 does not properly implement the public access level for CFC methods, which allows remote attackers to invoke these methods via Flex 2 remoting, a different vulnerability than CVE-2006-4725...

CVSS 7.5, AI score 6.5, EPSS 0.04664
Exploits: 1, References: 7
Cvelist
added 2007/03/12 11:0 p.m., 23 views

CVE-2007-1419

The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server...

AI score 5.8, EPSS 0.00366
Exploits: 0, References: 6
securityvulns
added 2007/01/04 12:0 a.m., 2730 views

Hacking AJAX DWR Applications

By Guy Karlebach & Amichai Shulman. Introduction: The introduction of AJAX into a web application improves the user experience significantly. However, the complexity of some AJAX frameworks and the limited field experience with them requires a careful examination of potential vulnerabilities. DWR i...

AI score 0.1
Exploits: 0
Tenable Nessus
added 2006/08/16 12:0 a.m., 214 views

RMI Registry Detection

The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and retrieving remote objects with simple names in the Java Remote Method Invocation (RMI) system. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(22227);...

AI score 5.5
Exploits: 0, References: 2
NVD
added 2004/12/31 5:0 a.m., 10 views

CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in a...

CVSS 5.5, AI score 6.6, EPSS 0.00697
Exploits: 0, References: 6
Positive Technologies
added 2003/06/18 12:0 a.m., 2 views

PT-2003-1623 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier. Description: The issue is related to the improper handling of certain strings in multiple dissectors, including BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI. The consequences of this issue are...

CVSS 10, AI score 9.2, EPSS 0.00553
Exploits: 0, References: 8