20 matches found
EUVD-2022-5742
Malicious code in bioql PyPI...
GHSA-X7RC-4GQW-3Q6Q Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
Apache MyFaces Trinidad Deserialization Vulnerability
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized viewstate string...
myguidetrinidadandtobago.com Cross Site Scripting vulnerability OBB-2346271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Apache MyFaces Trinidad Cross-Site Request Forgery Vulnerability
Apache MyFaces Trinidad is a JSF framework from the Apache Foundation (U.S.) that contains a large number of enterprise-class component libraries and supports attachments. A cross-site request forgery vulnerability exists in Apache MyFaces. The vulnerability stems from a lack of proper validation of...
trinidaduniform.wayne-ent.com XSS vulnerability
Open Bug Bounty ID: OBB-651935

Description | Value
---|---
Affected Website: | trinidaduniform.wayne-ent.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

trinidadradiostations.net XSS vulnerability
Open Bug Bounty ID: OBB-603718

Description | Value
---|---
Affected Website: | trinidadradiostations.net
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

trinidadexpress.com XSS vulnerability
Open Bug Bounty ID: OBB-331961

Description | Value
---|---
Affected Website: | trinidadexpress.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

cso.gov.tt XSS vulnerability
Vulnerable URL: http://cso.gov.tt/help/%22%3E%3Csvg%20onload=alert/XSSPOSED/%3E/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 07.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 1820086
VIP website status: | No

Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (July 2017 CPU)
According to its self-reported version number, the Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) installation running on the remote web server is 8.3.x prior to 8.3.15.4, 8.4.x prior to 8.4.15.2, 15.x prior to 15.2.15.1, or 16.x prior to 16.2.9.0. It is, therefore, affected by...
Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component:
- A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...
Apache MyFaces Trinidad Remote Code Execution Vulnerability
Apache MyFaces Trinidad is a JSF framework from the Apache Software Foundation (U.S.) that contains a large number of enterprise-class component libraries and supports attachments. A remote code execution vulnerability exists in CoreResponseStateManager in Apache MyFaces Trinidad, which can be exploited...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
Deserialization of untrusted data
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
CVE-2016-5019
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string...
CVE-2016-5019
The CVE-2016-5019 entry concerns a deserialization vulnerability in CoreResponseStateManager used by Apache MyFaces Trinidad. Affected products/versions are: Trinidad 1.0.0–1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2. The underlying issue is deserialization via a craft...
Apache MyFaces Trinidad Information Disclosure Vulnerability
Apache MyFaces Trinidad versions 1.0.0 to 1.0.13, 1.2.1 to 1.2.14, 2.0.0 to 2.0.1, and 2.1.0 to 2.1.1 suffer from an information disclosure vulnerability. Clarification: The first line in this CVE 1 was a copy&paste error during message composition and is not part of the CVE. This line can make i...
Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
Description: Apache MyFaces Trinidad is prone to a security vulnerability. Successfully exploiting this issue allows attackers to obtain sensitive information or execute arbitrary code in the context of the affected application. Apache MyFaces Trinidad 1.2.14-core, 1.0.13-core, 2.0.1-core and...
Oracle JDeveloper Multiple RCE (July 2016 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by multiple remote code execution vulnerabilities:
- A remote code execution vulnerability exists in the Application Development Framework ADF Faces subcomponent that allows an...