129 matches found
UBUNTU-CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
CVE-2020-4163
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397...
Eclipse Jetty Cross-Site Scripting Vulnerability
Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in EEclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...
CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...
SQL Injection Vulnerability in Panmicro e-cology va***.jsp
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
OFCMS background editUploadImage file upload vulnerability
OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...
CVE-2019-9612
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...
GHSA-PJFR-QF3P-3Q25 When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
Cisco Prime Data Center Network Manager File Upload RCE (cisco-sa-20180502-prime-upload)
The Cisco Prime Data Center Network Manager DCNM running on the remote host is affected by a remote code execution vulnerability due to improper input validation of the parameters in an HTTP request processed by the XmpFileUploadServlet servlet. An unauthenticated, remote attacker can exploit thi...
tomcat: Information Disclosure when using VirtualDirContext
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...
tomcat: Remote Code Execution via JSP Upload
A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...
IBM TRIRIGA Application Platform Input Validation Vulnerability
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
DS Data Systems KonaKart eCommerce Platform Directory Traversal Vulnerability
DS Data Systems KonaKart eCommerce Platform is a Java-based eCommerce software from DS Data Systems, UK. The software enhances modules such as shopping cart, payment and order summarization. A directory traversal vulnerability exists in the administration panel of DS Data Systems KonaKart eCommer...
CVE-2016-0300
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412...
BSA-2017-447
Security Advisory ID : BSA-2017-447 Component : Apache Revision : 2.0: Final When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to fals...
Apache Tomcat Remote Code Execution Vulnerability (CNVD-2017-30092)
Apache Tomcat is a popular open source JSP application server program. Apache Tomcat has a remote code execution vulnerability. With HTTP PUT enabled in Apache Tomcat, an attacker can upload an arbitrary JSP file to the server via a constructed request, resulting in remote code execution...
CVE-2017-14105
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at...