Towards Spring Tools 5 - Ready for AI

There is no doubt that AI-based coding assistants are already or will be widely used by developers and within organizations. While the overall outlook is pretty certain, the exact way when and how to use those tools might vary, ranging from extensions for existing IDEs e.g. Copilot for Visual...

EUVD-2013-4941

Malware in sbrugna...

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

Exploit for Unsafe Reflection in Hsqldb Hypersql_Database

Research into CVE-2022-41853: Using static functions to obtian...

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...

hsqldb: Untrusted input may lead to RCE attack

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...

CVE-2022-41853

A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default. Mitigation By default, the static methods of any class that is on the classpath are available for u...

GHSA-R6FX-55X3-F9X6 Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods...

CVE-2021-23267 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods...

UBUNTU-CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch...

PT-2022-9201 · Smarty +2 · Smarty +2

Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.43 Smarty versions prior to 4.0.3 Description: Smarty is a template engine for PHP that facilitates the separation of presentation from application logic. Template authors could run restricted static php methods...

Smarty 输入验证错误漏洞

Smarty is Smarty is a template engine for PHP that facilitates the separation of representation HTML/CSS from application logic. A security vulnerability exists in Smarty that stems from Smarty is a template engine for PHP that facilitates the separation of representation HTML CSS from applicatio...

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

Design/Logic Flaw

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

Chrome Universal XSS using IDBKeyRange static methods(CVE-2015-1268)

VULNERABILITY DETAILS Calling an object-returning static method with a cross-origin thing passed as |this| yields an object wrapped in the cross-origin scope. This is because FunctionCallbackInfo ends up with a cross-origin holder, and the holder acts as a creation context for the return value in...

TYPO3 Static Methods since 2007 Extended Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability in TYPO3 Static Methods since 2007 allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain acce...

Cross site scripting

Cross-site scripting XSS vulnerability in the Static Methods since 2007 div2007 extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3libdiv::quoteJSvalue function...

Java Applet ProviderSkeleton Class Insecure Invoke Method (CVE-2013-2460)

A vulnerabilty has been reported in the ProviderSkeleton class which allows to call arbitrary static methods with user supplied arguments...