Show filters
48 Total Results
Displaying 41-48 of 48
Sort by:
Attacker Value
Unknown

CVE-2012-1833

Disclosure Date: September 28, 2012 (last updated October 05, 2023)
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
0
Attacker Value
Unknown

CVE-2010-1622

Disclosure Date: June 21, 2010 (last updated October 04, 2023)
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
0
Attacker Value
Unknown

CVE-2009-2907

Disclosure Date: March 24, 2010 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."
0
Attacker Value
Unknown

CVE-2009-2897

Disclosure Date: October 13, 2009 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allow remote attackers to inject arbitrary web script or HTML via invalid values for numerical parameters, as demonstrated by an uncaught java.lang.NumberFormatException exception resulting from (1) the typeId parameter to mastheadAttach.do, (2) the eid parameter to Resource.do, and (3) the u parameter in a view action to admin/user/UserAdmin.do. NOTE: some of these details are obtained from third party information.
0
Attacker Value
Unknown

CVE-2009-2898

Disclosure Date: October 13, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
0
Attacker Value
Unknown

CVE-2002-2365

Disclosure Date: December 31, 2002 (last updated February 22, 2025)
Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.
0
Attacker Value
Unknown

CVE-2001-1438

Disclosure Date: October 22, 2001 (last updated February 22, 2025)
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
0
Attacker Value
Unknown

CVE-2000-0058

Disclosure Date: January 05, 2000 (last updated February 22, 2025)
Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files.
0