Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.3.0 allow remote authenticated users to access arbitrary files and directories via vectors involving a symlink in a pathname to a (1) CWD, (2) DELE, (3) STOR, or (4) RET…
New [MAZDA2] full model change expected around 2025; the next generation may use an EV-only platform [Mazda2 latest information]
The current MAZDA2 has kept the same basic design since the fourth-generation Demio (DJ) launched in 2014, and it has reached the point where a full model change is awaited. Looking back at successive Demio generations, the model-change cycle was roughly 5 to 7 years, but the current mo […]…
[net.bull.javamelody:javamelody-core] Improper Neutralization of Input During Web Page Generation in JavaMelody
Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header.
References
https://nvd.nist.gov/vuln/det…
[salt] Minion identity not validated in saltstack
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.
References
https://nvd.nist.gov/vuln/detail/CVE-2013-4439
https://github.com/saltstack/salt/p…
[org.apache.solr:solr-core] Improper Restriction of XML External Entity Reference in Apache Solr
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to…
[org.jgroups:jgroups] Exposure of Sensitive Information to an Unauthorized Actor in JGroups
The DiagnosticsHandler in JGroups 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.
References
https://nvd….
[org.apache.geronimo.framework:geronimo-jmx-remoting] Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execut…
[org.apache.solr:solr-core] XML Injection in Apache Solr
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an enti…
[org.directwebremoting:dwr] Improper Neutralization of Input During Web Page Generation in Direct Web Remoting
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
https://nvd.nist.gov/vuln/detail/CVE-2014-5…
[io.undertow:undertow-core] Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
References
ht…