57 matches found
Unspecified Vulnerability in Apache Sling JCR ContentLoader XmlReader
Apache Sling JCR ContentLoader is an open source web framework for the Java platform from the Apache Software Foundation in the United States. The framework can be used to create content-oriented applications on a JCR (Java Content Repository) content repository. XmlReader is one of the...
Debian Security Advisory DSA 3679-1 (jackrabbit - security update)
Lukas Reschke discovered that Apache Jackrabbit, an implementation of the Content Repository for Java Technology API, did not correctly check the Content-Type header on HTTP POST requests, enabling Cross-Site Request Forgery (CSRF) attacks by malicious web sites. OpenVAS Vulnerability Test $Id:...
CVE-2015-1887
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request...
Apache Jackrabbit 1.4/1.5 Content Repository (JCR) swr.jsp q Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code i...
Apache JackRabbit 2.0.0 webapp XPath Injection
No description provided by source. Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description:...
Apache Jackrabbit 1.4/1.5 Content Repository (JCR) search.jsp q Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code i...
CVE-2013-6735
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web...
Code injection
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web...
CVE-2013-6735
CVE-2013-6735 affects IBM Web Content Manager (WCM). The connected sources confirm an XPath-injection vulnerability in WCM LIBRARY parameter that allows an unauthenticated attacker to manipulate requests and potentially extract sensitive configuration/JCR data from vulnerable WCM installations (v...
Apache JackRabbit 2.0.0 XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...
Apache JackRabbit 2.0.0 - webapp XPath Injection
Apache JackRabbit 2.0.0 - webapp XPath Injection Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip...
Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerability
Exploit for jsp platform in category web applications. Apache JackRabbit 2.0.0 webapp XPath Injection Vulnerability. Title: Apache JackRabbit webapp XPath Injection Author: ADEO...
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - search.jsp?q Cross-Site Scripting
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - search.jsp?q Cross-Site Scripting source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may levera...
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'swr.jsp?q' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'search.jsp?q' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
[Full-disclosure] [ANNOUNCE] Apache Jackrabbit 1.5.2 released
The Apache Jackrabbit community is pleased to announce the release of Apache Jackrabbit version 1.5.2. The release is available for download at: http://jackrabbit.apache.org/downloads.html See the full release notes below for details about this release. Release Notes -- Apache Jackrabbit -- Versi...
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - swr.jsp?q Cross-Site Scripting
Apache JackRabbit 1.4/1.5 Content Repository (JCR) - swr.jsp?q Cross-Site Scripting source: https://www.securityfocus.com/bid/33360/info Apache Jackrabbit is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...