6 matches found
CVE-2011-3923
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVE-2012-2148
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
CVE-2014-3699
eDeploy has RCE via cPickle deserialization of untrusted data
CVE-2014-3701
eDeploy has tmp file race condition flaws
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2014-3700
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data