Advisories

Security vulnerabilities found by the Lab. In general, issues disclosed here have been vetted and patched by the vendor.

JBoss Seam 2.3.1 Remoting Vulnerabilities

JBoss Seam 2.3.1 Remoting is vulnerable to blind XXE and information disclosure.

Remote Code Execution in Apache Roller via OGNL Injection

Apache Roller 4 and 5 are vulnerable to OGNL injection that can lead to remote code execution.

Two Path Traversal Defects in Oracle's JSF2 Implementation

Oracle JSF2 is vulnerable to two path traversal defects.

Struts2 Remote Code Execution via OGNL Double Evaluation

Struts2 is vulnerable to an OGNL double evaluation issue which can lead to remote code execution.

Spring JavaScriptEscape insufficiently escapes some characters

JavaScriptUtils.javaScriptEscape()