Lucene search
K

70 matches found

Github Security Blog
Github Security Blog
added 2019/03/06 5:36 p.m.29 views

Incomplete List of Disallowed Inputs in SOFA-Hessian

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget...

9.8CVSS8AI score0.02763EPSS
Exploits0References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2019/03/06 12:0 a.m.20 views

Deserialization of Untrusted Data

DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because denylisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...

9.8CVSS4.7AI score0.02763EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2019/02/28 12:0 a.m.3 views

SOFA-Hessian Arbitrary Command Execution Vulnerability

SOFA-Hessian is an open source binary serialization protocol . A security vulnerability exists in SOFA-Hessian 4.0.2 and earlier versions, which stems from the program failing to blacklist com.caucho.naming.Qname and com.sun.org.apache.xpath.internal.objects.Xstring. A remote attacker can exploit...

9.8CVSS7.6AI score0.02763EPSS
Exploits0References1
Prion
Prion
added 2019/02/27 5:29 p.m.10 views

Design/Logic Flaw

DISPUTED SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t...

7.5CVSS9.6AI score0.02763EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/02/27 5:29 p.m.15 views

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

9.8CVSS9.7AI score0.02763EPSS
Exploits0References1
OSV
OSV
added 2019/02/27 5:29 p.m.7 views

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

9.8CVSS9.7AI score
Exploits0References1
Cvelist
Cvelist
added 2019/02/27 5:0 p.m.25 views

CVE-2019-9212

SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider...

9.7AI score0.02763EPSS
Exploits0References1
CVE
CVE
added 2019/02/27 5:0 p.m.97 views

CVE-2019-9212

SOFA-Hessian (CVE-2019-9212) affects 4.0.2 and earlier, allowing remote code execution by sending a crafted serialized Hessian object. The root cause is mishandled blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString (Resin Gadget context). The vendor note...

9.8CVSS9.6AI score0.02763EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/02/27 12:0 a.m.10 views

PT-2019-19439 · Sofa · Sofahessian

Name of the Vulnerable Software and Affected Versions: SOFA-Hessian versions 4.0.2 and earlier Description: The issue allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and...

9.8CVSS8.2AI score0.02763EPSS
Exploits0References7
Openbugbounty
Openbugbounty
added 2018/06/10 7:26 p.m.10 views

elaundry.uk XSS vulnerability

Open Bug Bounty ID: OBB-629825 Description| Value ---|--- Affected Website:| elaundry.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Rows per page
Query Builder