Lucene search

5 matches found

Openbugbounty
added 2022/04/11 4:41 p.m., 14 views

support.uel.ac.uk Cross Site Scripting vulnerability OBB-2494081

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
seebug.org
added 2013/08/27 12:0 a.m., 28 views

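Apache OFBiz nested expression arbitrary UEL execution vulnerability

Bugtraq ID: 61369 CVE ID: CVE-2013-2250 Apache OFBiz is an open-source ERP system. Apache OFBiz does not properly validate parameter values; if a supplied parameter contains JUEL metacharacters, it can lead to the execution of arbitrary Unified Expression Language (UEL) functions. 0 Apache OFBiz 10.04.01 - 10.04.05 Apache OFBiz 11.04.01 - 11.04.02 Apache OFBiz 12.04.01 Vendor solution: Apache OFBiz 10.04.06, 11.04.03 or 12.04.02 have fixed this vulnerability; users are advised to download the update: http://ofbiz.apache.o...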

CVSS: 10, AI score: 6.5, EPSS: 0.05894
Exploits: 1
CVE
added 2013/08/15 4:0 p.m., 59 views

CVE-2013-2250

Apache OFBiz is affected by CVE-2013-2250 due to improper validation of parameters containing JUEL metacharacters, allowing a remote attacker to trigger nested UEL expressions and execute arbitrary UEL functions. Impact is remote code execution with unauthenticated access. Affected versions: OFBi...

CVSS: 10, AI score: 7.6, EPSS: 0.05894
Exploits: 1, References: 6, Affected Software: 1
Tenable Nessus
added 2013/07/29 12:0 a.m., 32 views

Apache OFBiz Nested Expression Arbitrary UEL Function Execution

The version of Apache OFBiz hosted on the remote host is affected by a code execution vulnerability that could allow the execution of arbitrary UEL functions. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java...

CVSS: 10, AI score: 6.1, EPSS: 0.05894
Exploits: 1, References: 3
securityvulns
added 2013/07/29 12:0 a.m., 87 views

[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...

CVSS: 10, AI score: 3.1, EPSS: 0.05894
Exploits: 1