18 matches found
EUVD-2010-4407
Malware in sbrugna...
EUVD-2011-3527
Malware in sbrugna...
EUVD-2008-5243
Malware in sbrugna...
EUVD-2024-2746
Malicious code in bioql PyPI...
EUVD-2024-2827
Malicious code in bioql PyPI...
EUVD-2023-0320
Malicious code in bioql PyPI...
CVE-2024-9408
Eclipse GlassFish 6.2.5 and later is affected by an SSRF vulnerability in specific endpoints due to insufficient validation of user-supplied URLs. The issue allows the server to initiate arbitrary network requests to internal or external resources. Public sources (including NVD, Red Hat, Veracode...
CVE-2024-9408
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints...
CVE-2024-9343
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console...
PT-2024-39578 · Eclipse · Eclipse Glassfish
Name of the Vulnerable Software and Affected Versions: Eclipse Glassfish versions prior to 7.0.17 Description: The Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is "/management/domain". By modifying the URL value to a malicious...
URL Redirection
org.glassfish.main.web:web-core is vulnerable to a URL Redirection. The vulnerability is due to untrusted URL redirection capabilities in the Apache code included in GlassFish, affecting applications deployed to the root context '/'. It allows an attacker to redirect users to untrusted or malicio...
PT-2023-12896 · Eclipse · Eclipse Glassfish
Name of the Vulnerable Software and Affected Versions: Eclipse GlassFish versions 5.1.0 through 6.2.5 Description: The issue is related to relative path traversal, where the software does not filter request paths starting with './'. This could allow a remote unauthenticated attacker to access...
Eclipse GlassFish Path Traversal Vulnerability
Eclipse GlassFish is an open source application server from the Eclipse Foundation. A security vulnerability exists in Eclipse GlassFish versions 5.1.0 through 6.2.5, which stems from not filtering paths that begin with a specific string...
com.aripd:aricl (=1.4), com.aripd:aricom (=1.0) +92 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.2.0 <=2.2.20)
org.glassfish:javax.faces MAVEN version =2.2.0, =3.2.1036, =1.0.0, =1.0.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.2.0, =1.0.0, =1.7.3 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...
CVE-2018-3210
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server...
Oracle GlassFish Open Source Edition Remote Monitoring Vulnerability
Oracle GlassFish is server software from the US company Oracle for implementing JSP and other applications. Oracle GlassFish Open Source Edition is its open source version. A security vulnerability exists in the demonstration function of Oracle GlassFish Open Source Edition 5.0...
CVE-2017-10393
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
Oracle GlassFish Server Open Source Edition Licensing Issues Vulnerability
Oracle GlassFish Server Open Source Edition is the open source version of the server from the US company Oracle used to build Java EE server-side Java applications. A security vulnerability exists in Oracle GlassFish Server Open Source Edition version 3.0.1 build 22. An attacker...