Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte cha…
[org.apache.struts:struts2-core] Arbitrary code execution in Apache Struts 2
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both “${}” and “%{}” sequences, which causes the OGNL code to be evaluated twice.
References
https://nvd.nist.gov/v…
[org.apache.solr:solr-core] Apache Solr insecure inter-node communication
Apache Solr uses a PKI-based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the n…
[opencc] Open Chinese Convert subject to Denial of Service via Out-of-bounds Read
Open Chinese Convert (OpenCC) 1.0.5 allows attackers to cause a denial of service (segmentation fault) because BinaryDict::NewFromFile in BinaryDict.cpp may have out-of-bounds keyOffset and valueOffset values via a crafted .ocd file.
References
https:…
[org.apache.struts:struts2-core] Code injection due to conversion error
Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
Refe…
[org.eclipse.rdf4j:rdf4j] RDF4J vulnerable to zip slip
RDF4J prior to 2.5.0 allows Directory Traversal via ../ in an entry in a ZIP archive.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-20227
https://github.com/eclipse/rdf4j/issues/1210
https://github.com/eclipse/rdf4j/pull/1211/commits/df15a4d7a8…
[league/commonmark] PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writ…
[com.sonyericsson.hudson.plugins.rebuild:rebuild] Cross-site Scripting in Jenkins Rebuilder Plugin
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in
RebuildAction/BooleanParameterValue.jelly,
RebuildAction/ExtendedChoiceParameterValue.jelly,
RebuildAction/FileParameterValue.jelly,
RebuildAction/LabelP…
[org.apache.tomee:tomee-webapp] Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console (tomee-webapp) has an XSS vulnerability which could allow JavaScript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles d…
[org.apache.portals.pluto:pluto-container] Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attack…