Exploit for Expression Language Injection in Redhat Richfaces
Simplest and most reliable RichFaces Paint2DResource CVE-2018-12...
EUVD-2013-4380
Malware in sbrugna...
EUVD-2014-7702
Malware in sbrugna...
EUVD-2015-0292
Malware in sbrugna...
EUVD-2022-5776
Malicious code in bioql PyPI...
EUVD-2022-2197
Malicious code in bioql PyPI...
RHSA-2013:1043 Red Hat Security Advisory: richfaces security update
Bulletin has no description...
RHSA-2013:1042 Red Hat Security Advisory: richfaces security update
Bulletin has no description...
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
VulnCheck KEV: CVE-2018-14667
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
Security Bulletin: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system [CVE-2013-4521, CVE-2013-2165 and CVE-2018-14667]
Summary: IBM Security Verify Governance is vulnerable to remote attacks to execute arbitrary code on the system (CVE-2013-4521). IBM Security Verify Governance is vulnerable to remote attacks caused by an error related to the handling of deserialization (CVE-2013-2165). IBM Security Verify Governance ...
K16515: JBoss vulnerability CVE-2015-0279
Security Advisory Description: JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. (CVE-2015-0279) Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Stat...
JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests...
GHSA-XFXV-F945-4QV6 JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests...
org.richfaces:richfaces-push-depchain (=5.0.0.Alpha2) potentially affected by CVE-2014-0086 via org.richfaces:richfaces (=5.0.0.Alpha2)
org.richfaces:richfaces MAVEN version =5.0.0.Alpha2 is affected by a known vulnerability. The following packages have a transitive dependency on org.richfaces:richfaces and may be impacted: - org.richfaces:richfaces-push-depchain =5.0.0.Alpha2 Source cves: CVE-2014-0086 Source advisory:...
Remote code execution due to insecure deserialization
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization...
GHSA-4344-FRCP-J22Q Remote code execution due to insecure deserialization
A flaw was found in the way JBoss RichFaces handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization...
GHSA-4J38-WJHF-884R Arbitrary code execution in Richfaces
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
GHSA-3HX6-FQPJ-XFJR RichFaces vulnerable to Expression Language Injection
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Arbitrary code execution in Richfaces
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...