28 matches found
EUVD-2013-4380
Malware in sbrugna...
EUVD-2017-14945
Malware in sbrugna...
EUVD-2023-0583
Malicious code in bioql PyPI...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]
Summary: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system (CVE-2013-4521). IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization (CVE-2013-2165). IBM Security Verify Governance ...
CVE-2021-32828
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
Cross site scripting
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
PT-2023-12175 · Nuxeo · Nuxeo Platform
Name of the Vulnerable Software and Affected Versions: Nuxeo Platform version 11.5.109. Description: The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS)...
CVE-2021-32828 Regular expression Denial of Service in MooTools
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
CVE-2021-32828
The CVE-2021-32828 entry affects Nuxeo Platform 11.5.109, where the oauth2 REST API is vulnerable to Reflected XSS, which can be escalated to Remote Code Execution (RCE) via the automation API. The available connected documents confirm the affected software/component and the root cause/impact. Re...
CVE-2021-32828 Regular expression Denial of Service in MooTools
The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by leveraging the automation API...
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
Deserialization of untrusted data
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
CVE-2013-4521
CVE-2013-4521 affects the RichFaces deserialization path in Nuxeo Platform (versions 5.6.0 before HF27 and 5.8.0 before HF-01). The vulnerability arises because the implementation does not restrict which classes’ deserialization methods can be called, enabling a remote attacker to execute arbitra...
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data. NOTE: this vulnerability may overlap CVE-2013-216...
Nuxeo Authentication Bypass and RCE Vulnerabilities
Nuxeo Platform is a cross-platform open source enterprise-class content management system (CMS). An authentication bypass and RCE vulnerability exists in Nuxeo. The vulnerability is due to improper handling of facelet templates by the nuxeo-jsf-ui component, when accessing a facelet template does n...
Nuxeo 6.0 / 7.1 / 7.2 / 7.3 - Remote Code Execution Exploit
Exploit for jsp platform in category web applications =begin Description Nuxeo Platform is a content management system for enterprises (CMS). It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform...
Nuxeo Platform Arbitrary File Upload Vulnerability
Nuxeo Platform is a content management system (CMS). An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability to upload arbitrary JSP code with the help of '...' in the X-File-Name header.
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit) =begin Description Nuxeo Platform is a content management system for enterprises (CMS). It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform...
Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)
=begin Description Nuxeo Platform is a content management system for enterprises (CMS). It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By crafting the upload request with a specific...