新たなセキュリティ機能で対応ホスト機器のブート、セキュアなデータ管理と「保守修理規則」対応 カリフォ…
EPOSの人気ヘッドセット「H6PRO」にサウンドカードとセットのかなりお得な限定モデルが登場!
デンマーク コペンハーゲン発のプレミアムゲーミングオーディオブランド「EPOS」配信用のマイクやフル…
JBLのゲーミングヘッドセットから低遅延2.4GHzワイヤレス接続の新モデル「JBL Quantum 350 Wireless」発表!
ゲームをプレイする際に音は非常に重要な要素の1つです。しかしオーディオの世界は青天井で、突き詰めてい…
[DotNetCasClient] Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrar…
[org.apache.struts:struts2-core] Cross-site Scripting in Apache Struts
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/.
References
…
[org.apache.struts:struts2-core] Broken Access Control Vulnerability in Apache Struts2
The Struts 2 action mapping mechanism supports the special parameter prefix action: which is intended to help with attaching navigational information to buttons within forms, under certain conditions this can be used to bypass security constraints.
In…
[org.apache.portals.jetspeed-2:jetspeed] Path Traversal in Apache Jetspeed
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot do…
[org.apache.portals.jetspeed-2:jetspeed] Cross-site Scripting in Apache Jetspeed
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-0712
https://mail-archives.apache…
[org.apache.tomcat:tomcat] Deserialization of Untrusted Data in Apache Tomcat
The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file…
[org.apache.struts:struts2-core] Remote Code Execution in Apache Struts
XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-3082
http://struts.apache.org/docs/…