11 matches found
EUVD-2022-2796
Malicious code in bioql PyPI...
GHSA-6H58-C7R7-G2HW UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
UberFire Framework Improperly Restricts Paths
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
Multiple Vulnerabilities in UberFire Framework
UberFire Framework is a rich client platform architecture software. The software supports high-availability deployments. An arbitrary code execution and file read vulnerability exists in UberFire Framework version 0.3.x, which stems from the program failing to properly restrict paths. A remote...
CVE-2014-8114
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
Design/Logic Flaw
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
CVE-2014-8114
The CVE-2014-8114 entry affects the UberFire Framework 0.3.x and is caused by inadequate path restriction in the framework’s FileUploadServlet/FileDownloadServlet handling. This leads to two disclosed risks: (1) remote code execution by uploading crafted content to FileUploadServlet and (2) arbit...
CVE-2014-8114
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet...
UberFire: Information disclosure and RCE via insecure file upload/download servlets
It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 security update
Red Hat JBoss BRMS 6.0.3 roll up patch 2, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...
UberFire: Information disclosure and RCE via insecure file upload/download servlets
It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...