127 matches found
EUVD-2020-30929
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
CVE-2020-37052
AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...
CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...
PT-2026-5489
Name of the Vulnerable Software and Affected Versions: AirControl version 1.4.2. Description: AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...
Ubiquiti AirControl code injection vulnerability
Ubiquiti AirControl is a centralized network management platform developed by the American company Ubiquiti. Version 1.4.2 of Ubiquiti AirControl contains a code injection vulnerability. This vulnerability stems from Java expression injections present in .seam endpoints, which may allow unverified...
Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform
Many critical industries banking, healthcare, and manufacturing...
EUVD-2011-1487
Malware in sbrugna...
EUVD-2013-6254
Malware in sbrugna...
EUVD-2011-2187
Malware in sbrugna...
EUVD-2007-6399
Malware in sbrugna...
EUVD-2014-0286
Malware in sbrugna...
EUVD-2013-6255
Malware in sbrugna...
JBoss Seam 2 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Seam 2 Remote Command Execution', 'Description' = %q JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for R...
SUSE CVE-2011-1484
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements i...
org.graniteds:granite-beanvalidation (>=2.1.0.GA <=3.0.0.M3), org.graniteds:granite-cdi (>=2.1.0.GA <=3.0.0.M3) +26 more potentially affected by CVE-2017-3199 via org.graniteds:granite-core (>=1.1.0.GA <=3.0.0.M3)
org.graniteds:granite-core MAVEN version =1.1.0.GA, =2.1.0.GA, =2.1.0.GA, =2.0.0.B1, =1.2.0, =1.1.0.GA, =1.1.0.GA, =1.1.0.GA, =2.3.0.GA, =2.0.0.B1, =1.1.0.GA, =2.0.0.B1, =2.0.0.B1, =1.1.0.GA, =1.2.0, =1.2.0SP1 and more Source cves: CVE-2017-3199 Source advisory: OSV:GHSA-8M35-R25C-QR56...
Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...
Remote Code Execution (RCE)
JBoss Enterprise Application Platform is vulnerable to remote code execution (RCE). Due to an incomplete fix for CVE-2011-1484, JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A...