CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-6433 – EJBQL injection via 'order' parameter
https://notcve.org/view.php?id=CVE-2007-6433
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. El método getRenderedEjbql en la clase org.jboss.seam.framework.Query en JBoss Seam 2.x anterior a 2.0.0.CR3 permite a atacantes remotos inyectar y ejecutar comandos EJBQL de su elección a través del parámetro order. • http://jira.jboss.com/jira/browse/JBSEAM-2084 http://osvdb.org/42631 http://secunia.com/advisories/28077 http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866 http://www.redhat.com/support/errata/RHSA-2008-0151.html http://www.redhat.com/support/errata/RHSA-2008-0158.html http://www.redhat.com/support/errata/RHSA-2008-0213.html http://www.securityfocus.com/bid/26850 http://www.vupen.com/english/advisories/2007/4215 https://access.redhat.com/ • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 26%CPEs: 31EXPL: 0CVE-2004-0523
https://notcve.org/view.php?id=CVE-2004-0523
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. Múltiples desbordamientos de búfer en krb5_aname_to_localname en MIT Kerberos 5 (krb5) 1.3.3 y anteriores permite a atacantes remtos ejecutar código de su elección como root • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860 http://lwn.net/Articles/88206 http://marc.info/?l=bugtraq&m=108612325909496&w=2 http://marc.info/?l=bugtraq&m=108619161815320&w=2 http://marc.info/?l=bugtraq&m=108619250923790&w=2 http://sunsolve.sun.com/search/document.do? •