89 matches found
EUVD-2012-1843
Malware in sbrugna...
EUVD-2009-2889
Malware in sbrugna...
EUVD-2009-2887
Malware in sbrugna...
EUVD-2009-2888
Malware in sbrugna...
EUVD-2010-1482
Malware in sbrugna...
EUVD-2009-2895
Malware in sbrugna...
EUVD-2022-2313
Malicious code in bioql PyPI...
CVE-2009-2907
Multiple cross-site scripting XSS vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite AMS before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers t...
CVE-2009-2899
The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments...
This Week in Spring - December 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the first week of December and I am in the amazing city of Perth, Australia. Perth, for those of you who don't know, is amazing. And well worth the journey. But it is quite the journey! 27 hours, door-to-door, from San...
Improper Control of Generation of Code in Spring Security
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...
GHSA-4644-HG35-55M9 Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread...
Improper Control of Generation of Code ('Code Injection') in Spring Framework
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs0=jar: followed by a URL of a crafted .jar file...
GHSA-WV88-PF73-X22P Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)
The version Oracle WebCenter Sites installed on the remote host is missing security patches from the October 2015 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the bundled SpringSource Spring Framework that allows a remote attacker to execu...
Multiple SpringSource Products Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38913/info Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the...
SpringSource Spring Framework XML External Entity Information Disclosure (CVE-2013-4152)
An information disclosure vulnerability exists in SpringSource Spring Framework...
CVE-2011-2730
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
CVE-2012-5055
DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...
CVE-2011-2732
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter...