Vulmon
roller vulnerabilities and exploits
CVE-2018-17198 (CVSSv3 9.8)
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier (unsupported) versions: Roller relies on the Java SAX parser to implement its XML-RPC interface, and by default that parser resolves external entities declared in the XML DOCTYPE, which ...
Affected: Apache Roller 5.2.1, Apache Roller 5.2.0, and earlier versions
CVE-2014-0030 (CVSSv3 9.8; 1 EDB exploit)
The XML-RPC protocol support in Apache Roller prior to 5.0.3 allows malicious users to conduct XML External Entity (XXE) attacks via unspecified vectors.
Affected: Apache Roller 3.1, 4.0, 4.0.1, 5.0, 5.0.1, 5.0.2
CVE-2021-33580 (CVSSv3 7.5)
User-controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regular expression. The attacker does not have to use a browser and may send a specially crafted Referer header programmatically. Since...
Affected: Apache Roller
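Added example, not Roller's own code, of the pattern CVE-2021-33580 describes: a hypothetical same-site Referer check that splices the request URL and query string into a regular expression without escaping, beside the escaped version. REQUEST_URL, the query strings and the Referer values are constructed for the example.

```python
import re
import time

# Constructed request URL; the behaviour depends only on whether it is escaped.
REQUEST_URL = "https://blog.example/roller/entry"


def build_referer_pattern(request_url: str, query_string: str, escape: bool) -> str:
    """Anchored pattern meant to recognise a Referer that points at this request.

    escape=False mirrors the bug: request-derived text goes into the pattern
    verbatim, so '?', '.', '(' and '+' keep their regex meaning.
    escape=True is the fix (re.escape here; Pattern.quote in Java).
    """
    raw = request_url + "?" + query_string
    return "^" + (re.escape(raw) if escape else raw) + "$"


def referer_is_self(referer: str, query_string: str, escape: bool) -> bool:
    pattern = build_referer_pattern(REQUEST_URL, query_string, escape)
    return re.search(pattern, referer) is not None


def timed_check(referer: str, query_string: str, escape: bool):
    """Return (matched, seconds) so the backtracking cost is visible."""
    start = time.perf_counter()
    matched = referer_is_self(referer, query_string, escape)
    return matched, time.perf_counter() - start


def demo(n_repeats: int = 18):
    """A legitimate request, then a constructed denial-of-service request."""
    results = {}
    legit = REQUEST_URL + "?q=1"
    # Unescaped, the '?' from the URL becomes the quantifier 'y?', so even a
    # genuine Referer fails the check; escaped, it is matched literally.
    results["legit_unescaped"] = referer_is_self(legit, "q=1", escape=False)
    results["legit_escaped"] = referer_is_self(legit, "q=1", escape=True)
    # Attacker supplies query 'q=(a+)+' and a Referer that satisfies the broken
    # prefix ("entr" + zero 'y' + "q=") followed by a's and a non-matching '!'.
    # Nested quantifiers plus '$' force 2^(n-1) backtracking paths; every
    # additional 'a' doubles the time the check takes.
    evil_query = "q=(a+)+"
    evil_referer = "https://blog.example/roller/entrq=" + "a" * n_repeats + "!"
    results["attack_unescaped"] = timed_check(evil_referer, evil_query, escape=False)
    results["attack_escaped"] = timed_check(evil_referer, evil_query, escape=True)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18s} {value}")
```

The escaped pattern rejects the attack Referer in microseconds because nothing in it is a quantifier; the unescaped one spends its time in the backtracking that the attacker's query string built into it. Escaping (or, better, not deriving patterns from request data at all) is the fix; input length limits alone do not remove the exponential term.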
CVE-2015-0249 (CVSSv3 7.2)
The weblog page template in Apache Roller 5.1 up to and including 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Template Language (VTL).
Affected: Apache Roller 5.1.0, 5.1.1
CVE-2019-0234 (CVSSv3 6.1)
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross-Site Scripting (XSS). The mitigation for this vulnerability is to upgrade ...
Affected: Apache Roller 5.2.0, 5.2.1, 5.2.2
CVE-2023-37581 (CVSSv3 5.4)
Insufficient input validation and sanitization in the Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted use...
Affected: Apache Roller
CVE-2019-16680 (CVSSv3 4.3)
An issue exists in GNOME file-roller prior to 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Affected: GNOME file-roller; Ubuntu 16.04, 18.04; Debian 8.0, 9.0; Red Hat Enterprise Linux 7.0, 8.0
CVE-2020-36314 (CVSSv3 3.9)
fr-archive-libarchive.c in GNOME file-roller up to and including 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue e...
Affected: GNOME file-roller; Fedora 34
CVE-2020-11736 (CVSSv3 3.9)
fr-archive-libarchive.c in GNOME file-roller up to and including 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Affected: GNOME file-roller; Debian 8.0; Ubuntu 16.04, 18.04, 19.10, 20.04
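Added example, not file-roller's code, covering the three file-roller advisories above: an extractor that rejects a member whose lexical path leaves the destination (the ./../ case of CVE-2019-16680) and one whose resolved parent is a symlink to a directory outside it (the case of CVE-2020-11736 and CVE-2020-36314), and that refuses to plant such a symlink in the first place. The archive, the directory layout and the file names are constructed for the example; POSIX paths and symlink support are assumed.

```python
import io
import os
import tarfile
import tempfile


def _inside(base: str, path: str) -> bool:
    """True if the absolute path is base itself or lies beneath it."""
    return os.path.commonpath([base, path]) == base


def check_member(member: tarfile.TarInfo, dest_dir: str):
    """Return None if the member may be written under dest_dir, else the rule it breaks."""
    base = os.path.realpath(dest_dir)
    if os.path.isabs(member.name):
        return "absolute path"
    target = os.path.join(base, member.name)
    # Rule 1 (the CVE-2019-16680 shape): the lexical path must stay inside the
    # destination. normpath collapses "./../x" into the parent directory first.
    if not _inside(base, os.path.normpath(target)):
        return "path escapes destination"
    # Rule 2 (the CVE-2020-11736 / CVE-2020-36314 shape): the *resolved* parent
    # must be inside as well. "pre/x" passes rule 1 even when "pre" is a symlink
    # to a directory outside the destination; realpath exposes that.
    if not _inside(base, os.path.realpath(os.path.dirname(target))):
        return "parent is a symlink outside destination"
    # Rule 3: the archive may not plant the outside-pointing symlink that rule 2
    # guards against, so symlink targets are resolved and checked too.
    if member.issym():
        link_target = os.path.realpath(os.path.join(os.path.dirname(target), member.linkname))
        if not _inside(base, link_target):
            return "symlink points outside destination"
    if not (member.isreg() or member.isdir() or member.issym()):
        return "unsupported member type"
    return None


def safe_extract(tar_bytes: bytes, dest_dir: str):
    """Extract only members that pass check_member. Returns (written, rejected)."""
    written, rejected = [], {}
    base = os.path.realpath(dest_dir)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            reason = check_member(member, dest_dir)
            if reason is not None:
                rejected[member.name] = reason
                continue
            target = os.path.join(base, member.name)
            if member.isdir():
                os.makedirs(target, exist_ok=True)
            elif member.issym():
                os.symlink(member.linkname, target)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(member).read())
            written.append(member.name)
    return written, rejected


def build_malicious_tar(outside_dir: str) -> bytes:
    """Constructed archive reproducing the traversal shapes from the advisories."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, data):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add_file("ok.txt", b"benign\n")
        add_file("./../escape.txt", b"lands in the parent of the extraction dir\n")
        link = tarfile.TarInfo("link")            # symlink to a directory outside
        link.type = tarfile.SYMTYPE
        link.linkname = outside_dir
        tar.addfile(link)
        add_file("link/evil.txt", b"would be written through the planted symlink\n")
        add_file("pre/owned.txt", b"would be written through a pre-existing symlink\n")
    return buf.getvalue()


def demo():
    """Run the extractor against the constructed archive; report what happened."""
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as dest:
        # A symlink already present in the extraction directory (what rule 2 catches).
        os.symlink(outside, os.path.join(dest, "pre"))
        written, rejected = safe_extract(build_malicious_tar(outside), dest)
        link_path = os.path.join(dest, "link")
        return {
            "written": written,
            "rejected": rejected,
            "files_outside": sorted(os.listdir(outside)),
            # "link" was refused, so link/evil.txt went into a plain directory inside dest.
            "link_is_plain_dir": os.path.isdir(link_path) and not os.path.islink(link_path),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18s} {value}")
```

Nothing reaches the outside directory or the parent of the extraction directory; the only members written are the benign file and link/evil.txt, which lands inside a real directory because the symlink that was meant to redirect it was refused. The point the two later advisories make is that the parent check must use the resolved path at write time, not a lexical check on the member name; Python 3.12's tarfile (and the backports of its extraction filters to supported 3.8 to 3.11 releases) applies equivalent rules via extractall(filter="data").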
CVE-2014-7802 (CVSS score not available)
The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr...
Affected: Appa-apps Top Roller Coasters Europe 2 @7f050001