NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using mysql driver. VDB-246134 is the identifier assigned to this vulnerability. The exploit has been disclosed to the public and may be used. The manipulation leads to unrestricted upload. Affected by this issue is some unknown functionality of the component Apache Struts. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. When access to the "admin" folder is not protected by some external authorization mechanisms e.g. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.

A flaw was found in the mod_proxy_cluster in the Apache server. Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.