JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. This Metasploit module has also been tested successfully against IBM WebSphere 6.1 running on iSeries. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
e5fbbf205a52fd3db322ca559e03ddc183be3dbb1aecbc317c893104e8a8f598
The TRS web console allows an authenticated user to remotely manage the BTS and its configuration. Analysis discovered an authentication bypass vulnerability in the web management console. BTS TRS web console version FTM_W20_FP2_2019.08.16_0010 is affected.
0f05d6d716250f586c5ca2543716a3b108e48fdb98ec32ec187a2d7388c7a043
Tuleap version 9.17.99.189 suffers from a remote SQL injection vulnerability.
abf9dc4b10bde4c99485e7fd62c3f706e483fa73c4cc8059c6f456ee999381d5
Aruba ClearPass Policy Manager version 6.4 suffers from a stored cross-site scripting vulnerability.
56fc1e5abc70aa4b06bce984674df0bb39093a580845e17c217bedabcd24e62f
Network Solutions Webmail suffers from cross-site scripting, cross-site request forgery, password reset, information disclosure and various other security vulnerabilities.
c559efb26add26a98a7159d6b6b66eef0951644e9d1df44a88ea79ae16873041
Barracuda Load Balancer ADC with firmware version 5.0.0.015 suffers from multiple security issues. It is possible to recover the file system encryption keys via a cold-boot-style attack and to reset the super user password offline via a physical attack. There are also hard-coded credential and hard-coded SSH key issues, and various other problems.
5c42032507e2bcde6818fa49b6b98725db14f0fa3e856bb46af8de90d060d086