
19 matches found

NVD
added 4 hours ago | 4 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVSS: 8.8
Exploits: 0 | References: 1
Cvelist
added 5 hours ago | 7 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVSS: 8.8
Exploits: 0 | References: 1
EUVD
added 5 hours ago | 6 views

EUVD-2026-38793

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

CVSS: 8.8 | AI score: 6.6
Exploits: 0 | References: 1
OSV
added 2020/09/23 1:15 p.m. | 3 views

CVE-2020-24624

Unauthenticated directory traversal in the DownloadServlet class execute method can lead to arbitrary file reads in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01588
Exploits: 0 | References: 1
ATTACKERKB
added 2020/09/23 1:15 p.m. | 2 views

CVE-2020-24624

Unauthenticated directory traversal in the DownloadServlet class execute method can lead to arbitrary file reads in HPE Pay Per Use PPU Utility Computing Service UCS Meter version 1.9...

CVSS: 7.5 | AI score: 5.5 | EPSS: 0.01588
Exploits: 0 | References: 2
BDU FSTEC
added 2018/03/06 12:0 a.m. | 4 views

The vulnerability of the downloadBasicSSOServlet component in the Identity Server of the authentication and access control solution from NetIQ Access Manager allows a perpetrator to execute arbitrary code.

The vulnerability of the downloadBasicSSOServlet component in the Identity Server’s authentication and access control mechanism is related to errors in managing registration data when processing the fileinfo1 parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

CVSS: 10 | AI score: 5.9 | EPSS: 0.35148
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2018/01/23 1:29 a.m. | 1 view

CVE-2017-16592

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.03455
Exploits: 0 | References: 2
ATTACKERKB
added 2018/01/23 1:29 a.m. | 1 view

CVE-2017-16591

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVSS: 6.5 | AI score: 4.9 | EPSS: 0.03455
Exploits: 0 | References: 2
OSV
added 2018/01/23 1:29 a.m. | 3 views

CVE-2017-16591

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific...

CVSS: 6.5 | AI score: 5.3
Exploits: 0 | References: 1
OSV
added 2016/01/21 3:0 a.m. | 3 views

CVE-2016-0486

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

AI score: 5.9 | EPSS: 0.27519
Exploits: 0 | References: 4
OSV
added 2016/01/21 3:0 a.m. | 3 views

CVE-2016-0485

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

AI score: 5.9 | EPSS: 0.27519
Exploits: 0 | References: 4
OSV
added 2016/01/21 3:0 a.m. | 4 views

CVE-2016-0484

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the Januar...

AI score: 5.9 | EPSS: 0.22011
Exploits: 0 | References: 4
OSV
added 2016/01/21 3:0 a.m. | 3 views

CVE-2016-0482

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480,...

AI score: 5.9
Exploits: 0 | References: 4
OSV
added 2016/01/21 3:0 a.m. | 2 views

CVE-2016-0477

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and...

AI score: 5.9 | EPSS: 0.21922
Exploits: 0 | References: 4
OSV
added 2016/01/21 3:0 a.m. | 2 views

CVE-2016-0476

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and...

AI score: 5.9 | EPSS: 0.21922
Exploits: 0 | References: 4
CNVD
added 2015/09/23 12:0 a.m. | 2 views

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are both products of General Electric Company GE, U.S.A. GE Digital Energy MDS PulseNET is a suite of software applications for monitoring and controlling industrial communication network devices. Enterprise is an enterprise version of MD...

CVSS: 10 | AI score: 7 | EPSS: 0.03052
Exploits: 0 | References: 1
RedHat Linux
added 2015/02/17 10:27 p.m. | 4 views

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.03101
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/17 10:27 p.m. | 5 views

UberFire: Information disclosure and RCE via insecure file upload/download servlets

It was discovered that the default implementation of FileUploadServlet and FileDownloadServlet provided by the UberFire Framework did not restrict the paths to which a file could be written or read from. In applications using this framework and exposing these servlets, a remote attacker could gai...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.03101
Exploits: 0 | References: 4
CVE
added 2008/02/22 9:0 p.m. | 41 views

CVE-2008-0904

CVE-2008-0904 affects BEA Plumtree Collaboration (4.1 through SP2) and AquaLogic Interaction (4.2 through MP1). The issue is an unspecified vulnerability in the download servlet that allows remote attackers to read arbitrary files via a crafted URL. The NVD entry lists a high impact with CVSS2 ba...

CVSS: 7.8 | AI score: 6.6 | EPSS: 0.01471
Exploits: 0 | References: 5 | Affected Software: 2