EUVD-2020-30929

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

CVE-2020-37052

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

CVE-2020-37052

AirControl 1.4.2 is affected by a pre‑authentication remote code execution vulnerability. An unauthenticated attacker can exploit the /.seam (and /seam) endpoint by crafting URLs with embedded Java expressions to execute arbitrary system commands with the application's privileges. Root cause is J...

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

CVE-2020-37052

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

CVE-2020-37052 AirControl 1.4.2 - PreAuth Remote Code Execution

AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedde...

Ubiquiti AirControl code injection vulnerability

Ubiquiti AirControl is a centralized network management platform developed by the American company Ubiquiti. Version 1.4.2 of Ubiquiti AirControl contains a code injection vulnerability. This vulnerability stems from Java expression injections present in.seam endpoints, which may allow unverified...

PT-2026-5489

Name of the Vulnerable Software and Affected Versions AirControl version 1.4.2 Description AirControl version 1.4.2 has a pre-authentication remote code execution issue. Unauthenticated attackers can execute arbitrary system commands by injecting malicious Java expressions. The issue is exploitab...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

Many critical industries banking, healthcare, and manufacturing...

EUVD-2014-0286

Malware in sbrugna...

EUVD-2013-6255

Malware in sbrugna...

EUVD-2011-1487

Malware in sbrugna...

EUVD-2007-6399

Malware in sbrugna...

EUVD-2013-6254

Malware in sbrugna...

EUVD-2011-2187

Malware in sbrugna...

JBoss Seam 2 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Seam 2 Remote Command Execution', 'Description' = %q JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for R...

SUSE CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

The vulnerability of the framework for developing web applications, JBoss Seam on the JBoss Enterprise Application Platform, allows attackers to execute arbitrary code.

The vulnerability of the framework for developing web applications on the JBoss Seam platform within the JBoss Enterprise Application Platform is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

org.graniteds:granite-beanvalidation (>=2.1.0.GA <=3.0.0.M3), org.graniteds:granite-cdi (>=2.1.0.GA <=3.0.0.M3) +26 more potentially affected by CVE-2017-3199 via org.graniteds:granite-core (>=1.1.0.GA <=3.0.0.M3)

org.graniteds:granite-core MAVEN version =1.1.0.GA, =2.1.0.GA, =2.1.0.GA, =2.0.0.B1, =1.2.0, =1.1.0.GA, =1.1.0.GA, =1.1.0.GA, =2.3.0.GA, =2.0.0.B1, =1.1.0.GA, =2.0.0.B1, =2.0.0.B1, =1.1.0.GA, =1.2.0, =1.2.0SP1 and more Source cves: CVE-2017-3199 Source advisory: OSV:GHSA-8M35-R25C-QR56...

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...