87 matches found
CVE-2015-2623
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related ...
Buffer overflow
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related ...
CVE-2015-2623
The CVE-2015-2623 entry affects Oracle Fusion Middleware components: Oracle GlassFish Server (3.0.1, 3.1.2) and Oracle WebLogic Server (Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, 12.1.3.0). The underlying issue is related to JavaServer Faces, with remote attackers able to impact integrity vi...
CVE-2015-2623
Removed by vendor...
CVE-2015-4744
Technical details about CVE-2015-4744 are not provided in the supplied documents; no explicit affected products/versions or impact are disclosed. Monitor for updates.
CVE-2015-2623
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related ...
CVE-2015-4744
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors...
Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU)
The version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities : - A security bypass vulnerability exists in the bundled Network Security Services NSS library because the definitelengthdecoder function, in file quickder.c, does not properly form the DER...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
Java Faces Miniwebshell
Всем привет, немного посмотрел java server faces. Если у вас есть возможнось загрузить shell.xhtml и как-то проинклудить его, то вот небольшой вебшелл. Соус в том, что мы не можем создавать переменные или что-то куда-то нормально присваивать. Но можем вызывать стейтменты, подгружать классы и в...
Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)
The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components : - Java Server Faces - Metro C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70482; scriptversion"1.12"; scriptcvsdate"Date: 2018/11/15...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
Buffer overflow
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
CVE-2013-3827 affects Oracle GlassFish Server components in Fusion Middleware 2.1.1, 3.0.1, 3.1.2; Oracle JDeveloper in 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0; and Oracle WebLogic Server in Fusion Middleware 10.3.6.0 and 12.1.1. The vulnerability, related to JavaServer Faces/Web Container handling, a...
CGI Generic Padding Oracle
By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Face...