70 matches found
Incomplete List of Disallowed Inputs in SOFA-Hessian
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget...
Deserialization of Untrusted Data
DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because denylisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...
SOFA-Hessian Arbitrary Command Execution Vulnerability
SOFA-Hessian is an open source binary serialization protocol . A security vulnerability exists in SOFA-Hessian 4.0.2 and earlier versions, which stems from the program failing to blacklist com.caucho.naming.Qname and com.sun.org.apache.xpath.internal.objects.Xstring. A remote attacker can exploit...
Design/Logic Flaw
DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...
CVE-2019-9212
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...
CVE-2019-9212
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...
CVE-2019-9212
SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...
CVE-2019-9212
SOFA-Hessian (CVE-2019-9212) affects 4.0.2 and earlier, allowing remote code execution by sending a crafted serialized Hessian object. The root cause is mishandled blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString (Resin Gadget context). The vendor note...
PT-2019-19439 · Sofa · Sofahessian
Name of the Vulnerable Software and Affected Versions: SOFA-Hessian versions 4.0.2 and earlier Description: The issue allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and...
elaundry.uk XSS vulnerability
Open Bug Bounty ID: OBB-629825 Description| Value ---|--- Affected Website:| elaundry.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...