MySQL Enterprise Monitor 4.x < 4.0.10 / 8.x < 8.0.15 DoS (Jul 2019 CPU)

A denial of service DoS vulnerability exists in MySQL Enterprise Monitor due the use of a vulnerable Spring Framework version. Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for rang...

MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...

The vulnerabilities of the spring-webmvc and spring-webflux modules of the Spring Framework allow attackers to perform cross-site request forgery attacks.

The vulnerability of the spring-webmvc and spring-webflux modules of the Spring Framework is related to the lack of protection against Cross-Site Request Forgery CSRF attacks. Exploiting this vulnerability allows a malicious actor to perform CSRF attacks remotely...

springframework: DoS Attack via Range Requests

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System

Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities

Summary IBM Data Risk Manager has addressed the following vulnerabilities: Vulnerability Details CVEID: CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending a...

GHSA-FFVQ-7W96-97P7 Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

Denial of Service in Spring Framework

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controlle...

The vulnerability of the Spring Framework component of the Oracle Retail Order Broker software product allows a hacker to gain full control over the application.

The vulnerability of the Spring Framework component of the Oracle Retail Order Broker product exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow an attacker to gain full control over the application using the HTTP protocol...

Genesis has an XSS vulnerability

Genesis is based on Spring + Spring MVC + Mybatis to build the developer community , forum system . Genesis has an XSS vulnerability that can be exploited by an attacker to obtain sensitive information such as user cookies...

XSS Vulnerability in Blog-System Personal Blog System

Blog-System personal blog system based on Spring Spring MVC Mybatis Maven way to build. Blog-System personal blog system has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...

Unauthorized Access Vulnerability in Blog-System Personal Blog System Backend

Blog-System personal blog system based on Spring Spring MVC Mybatis Maven way to build. Blog-System personal blog system background unauthorized access vulnerability, attackers can use the vulnerability to directly access the system background functional pages...

XSS Vulnerability in JAVAPMS Portal Management System

JAVAPMS portal management system to SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery for the technical core architecture , for individual webmasters , commercial enterprises , government agencies , educational institutions and other various units of the organization's information port...

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2018-15756)

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager. Vulnerability Details CVE-ID: CVE-2018-15756 Description: Pivotal Spring Framework is vulnerable to a denial of service, caused by improper handling of range request by the...

GHSA-27XJ-RQX5-2255 jackson-databind mishandles the interaction between serialization gadgets and typing

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...

Oracle Identity Manager Connector Multiple Vulnerabilities (April 2020 CPU)

The remote host is missing the April 2020 Critical Patch Update for Oracle Identity Manager Connector. It is, therefore, affected by multiple vulnerabilities: - Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: General Apache ActiveMQ. The supported...

Oracle WebCenter Sites Multiple Vulnerabilities (July 2019 CPU)

Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities : - A deserialization vulnerability exists in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI Apache Groovy due to a lack of isolation of object...

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址： https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为：2018/10/31。 同步更新于： chybeta: Web-Security-Learning 目录： - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

Exploit for Path Traversal in Pivotal_Software Spring_Framework

Web-Security-Learning 项目地址： https://github.com/CHYbeta/Web-Security-Learning 最近更新日期为：2018/10/31。 同步更新于： chybeta: Web-Security-Learning 目录： - Web-Security-Learning - Web Security - sql注入 - MySql - MSSQL - PostgreSQL - MongoDB - 技巧 - 工具 - XSS - CSRF - 其他前端安全 - SSRF - XXE - JSONP注入 - SSTI - 代码执行 /...

DEBIAN-CVE-2020-11619

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean aka spring-aop...