Apache ActiveMQ versions 5.11.1 and 5.13.2 suffer from command execution and directory traversal vulnerabilities.
a1a27784f99e8712823fe6fd785434b4Grandstream GXV3275 ships with a default root SSH key which could be used a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell.
6dad684ae645e29ac75cadc8f69b03bbApache Standard Taglibs version 1.2.1 suffers from XXE and remote command execution vulnerabilities via the XSL extension in JSTL XML tags.
b775eafea2729bd44cabb6a385742f9fThe Apache Camel XSLT component allows XSL stylesheets to perform calls to external Java methods. A remote attacker able to submit messages to an xslt Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.
98f7ec03dffc49891d4370696e72adeeThe Apache Camel XSLT component will resolve entities in XML messages when transforming them using an xslt route. A remote attacker able to submit messages to an xslt route could use this flaw to read files accessible to the running application server and potentially perform other more advanced XXE attacks. Versions affected include Camel 2.11.0 to 2.11.3 and Camel 2.12.0 to 2.12.2.
44bfc21a5109211ec481ac71bc3f0288Apache Commons Compress versions 1.0 through 1.4 and Apache Ant versions 1.5 through 1.8.3 suffer from a denial of service vulnerability. The bzip2 compressing streams in Apache Commons Compress and Apache Ant internally use sorting algorithms with unacceptable worst-case performance on very repetitive inputs. A specially crafted input to Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used to make the process spend a very long time while using up all available processing time effectively leading to a denial of service.
17555b0ed05795db50cf85fee87064ec
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed