29 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-1544

Malware in sbrugna...

CVSS 5.9, AI score 6, EPSS 0.00204
Exploits 0, References 4

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-1979

Malicious code in bioql PyPI...

CVSS 5.8, AI score 6.3, EPSS 0.00174
Exploits 1, References 10

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4332

Malicious code in bioql PyPI...

CVSS 2.6, AI score 8.7, EPSS 0.00053
Exploits 1, References 8

CNNVD
added 2025/06/29 12:0 a.m., 3 views

OWASP ESAPI Security Vulnerability

OWASP ESAPI is a free, open source, Web application security control library from the OWASP Foundation in the United States that makes it easier for programmers to write lower-risk applications. A security vulnerability exists in OWASP ESAPI that stems from improper neutralization of special...

CVSS 7.5, AI score 7.8, EPSS 0.00626
Exploits 0, References 11

IBM Security Bulletins
added 2024/02/22 4:26 p.m., 17 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to OWASP ESAPI (CVE-2010-3300)

Summary IBM Sterling B2B Integrator uses OWASP ESAPI. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2010-3300 DESCRIPTION: OWASP ESAPI for Java could allow a remote attacker to obtain sensitive information, caused by a padding oracle...

CVSS 5.9, AI score 5.6, EPSS 0.00204
Exploits 0, Affected Software 1

Veracode
added 2023/11/28 6:57 a.m., 6 views

Cross Site Scripting (XSS)

org.owasp.esapi:esapi is vulnerable to Cross-site Scripting XSS. The Validator.isValidSafeHTML method, which is responsible for determining whether user-supplied input is safe to include in HTML content, exhibits a flaw that can lead to false negatives. This means that the method may incorrectly...

AI score 6.5
Exploits 0

vulnersOsv
added 2023/11/27 5:25 p.m., 0 views

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), cn.acooly:acooly-auth-wechat-authenticator (=5.2.1) +557 more potentially affected by unknown CVE via org.owasp.esapi:esapi (>=2.0GA <=2.5.5.0)

org.owasp.esapi:esapi MAVEN version =2.0GA, =3.0.0, =5.0.0 - cn.acooly:acooly-auth-wechat-authenticator =5.2.1 - cn.dceast.platform:platform-security-starter =2.2.3 - com.acooly:acooly-component-account =5.2.1 - com.acooly:acooly-component-app =5.2.1 - com.acooly:acooly-component-assetmgmt =5.2.1...

AI score 5.8
Exploits 0

IBM Security Bulletins
added 2023/01/03 4:3 p.m., 34 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to security bypass due to OWASP ESAPI (CVE-2013-5960)

Summary IBM Sterling B2B Integrator has addressed the vulnerability in OWASP ESAPI in B2B API Vulnerability Details CVEID:CVE-2013-5960 DESCRIPTION: OWASP ESAPI could allow a remote attacker to bypass security restrictions, caused by the failure to properly resist tampering with serialized...

CVSS 5.8, AI score 5.9, EPSS 0.00174
Exploits 1, Affected Software 1

OSV
added 2022/05/17 3:56 a.m., 23 views

GHSA-JCP9-796G-PV9P Missing Cryptographic Step in OWASP Enterprise Security API for Java

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

CVSS 2.6, AI score 9.2, EPSS 0.00053
Exploits 1, References 6

CNVD
added 2022/04/29 12:0 a.m., 25 views

OWASP ESAPI Cross-Site Scripting Vulnerability

OWASP ESAPI is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. Cross-site scripting vulnerabilities exist in versions of OWASP ESAPI prior to 2.3.0.0, which originate from the "onsiteURL" regular expression erro...

CVSS 4.3, AI score 4.4, EPSS 0.01032
Exploits 1, Affected Software 1

OpenVAS
added 2022/01/28 12:0 a.m., 9 views

Mageia: Security Advisory (MGASA-2015-0064)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 2.6, AI score 6.7, EPSS 0.00053
Exploits 1, References 4

OSV
added 2021/08/13 3:22 p.m., 24 views

GHSA-3GP6-HHFW-4GQX Padding oracle attacks

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9, AI score 5.7, EPSS 0.00204
Exploits 0, References 3

Github Security Blog
added 2021/08/13 3:22 p.m., 64 views

Padding oracle attacks

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9, AI score 4.5, EPSS 0.00204
Exploits 0, References 4, Affected Software 1

NVD
added 2021/06/22 12:15 p.m., 11 views

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9, EPSS 0.00204
Exploits 0, References 2

Prion
added 2021/06/22 12:15 p.m., 10 views

Design/Logic Flaw

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 4.3, AI score 7, EPSS 0.00204
Exploits 0, References 2, Affected Software 1

CVE
added 2021/06/22 11:56 a.m., 49 views

CVE-2010-3300

CVE-2010-3300 affects the OWASP ESAPI for Java up to version 2.0 RC2, where a padding oracle weakness can lead to information disclosure. The issue is documented across multiple sources (NVD/Red Hat/IBM bulletin/OSS advisories). Affected component: OWASP ESAPI for Java; root cause: padding oracle...

CVSS 5.9, AI score 5.7, EPSS 0.00204
Exploits 0, References 2, Affected Software 1

Packet Storm
added 2017/09/08 12:0 a.m., 55 views

CMS Showcase 1.0 Cross Site Scripting

Title: ======= CMS Showcase - Multiple Reflected Cross-Site Scripting Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative...

AI score 7.4
Exploits 0

OSV
added 2015/02/11 8:47 p.m., 4 views

MGASA-2015-0064 Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

CVSS 2.6, AI score 6.5, EPSS 0.00053
Exploits 1, References 3

Mageia
added 2015/02/11 8:47 p.m., 31 views

Updated owasp-esapi-java packages fix CVE-2013-5679

Updated owasp-esapi-java packages fix security vulnerability: The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API ESAPI for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier f...

CVSS 2.6, AI score 3.5, EPSS 0.00053
Exploits 1, References 2

Tenable Nessus
added 2015/01/15 12:0 a.m., 24 views

Fedora 21 : owasp-esapi-java-2.1.0-1.fc21 (2015-0322)

Release 2.1.0. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

CVSS 5.8, AI score 8.2, EPSS 0.00174
Exploits 2, References 4