
303 matches found

Github Security Blog
added 2022/05/01 11:38 p.m. · 44 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 · AI score 4.2 · EPSS 0.00681
Exploits 1 · References 5 · Affected Software 1
OSV
added 2022/05/01 11:38 p.m. · 88 views

GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 5.3 · AI score 5.3 · EPSS 0.00681
Exploits 1 · References 4
ATTACKERKB
added 2022/02/09 11:15 p.m. · 3 views

CVE-2022-22533

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...

CVSS 7.5 · AI score 7.2 · EPSS 0.00752
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2022/02/09 12:0 a.m. · 3 views

PT-2022-15502 · Sap · Sap Netweaver Application Server Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.22 through 7.53 Description: An unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling, allowing the malicious payload to be...

CVSS 9.8 · AI score 9.6 · EPSS 0.05898
Exploits 0 · References 4
OSV
added 2021/11/08 4:15 a.m. · 0 views

CVE-2021-34685

UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed and leads to remote code...

CVSS 7.2 · AI score 7.5
Exploits 0 · References 2
NVD
added 2021/09/14 12:15 p.m. · 17 views

CVE-2021-38163

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVSS 9.9 · EPSS 0.83963
Exploits 1 · References 3
Prion
added 2021/09/14 12:15 p.m. · 16 views

Design/Logic Flaw

SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...

CVSS 9 · AI score 8.6 · EPSS 0.83963
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2021/09/14 12:0 a.m. · 1 views

SAP NetWeaver Path Traversal Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A path traversal vulnerability exists in SAP NetWeaver versions 7.30, 7.31, 7.40, 7.50, which allows an attacker...

CVSS 9.9 · AI score 8.3 · EPSS 0.83963
Exploits 1 · References 6
OSV
added 2021/07/31 5:15 p.m. · 1 views

CVE-2020-26806

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...

CVSS 8.8 · AI score 6 · EPSS 0.05031
Exploits 3 · References 2
Positive Technologies
added 2021/06/25 12:0 a.m. · 2 views

PT-2021-20526

Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 4.8.0 and earlier Description: An issue exists where an attacker can use query parameters to create a JSP file, accessible from remote, in the current BIRT viewer directory. This allows the injection of JSP code into the...

CVSS 9.8 · AI score 9.5 · EPSS 0.66747
Exploits 3 · References 10
OSV
added 2021/06/22 11:2 a.m. · 1 views

OESA-2021-1229 mojarra security update

JavaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generat...

CVSS 6.5 · AI score 7 · EPSS 0.51657
Exploits 0 · References 2
Tenable Nessus
added 2021/06/15 12:0 a.m. · 43 views

SAP NetWeaver AS JAVA Information Disclosure (3023299)

SAP Netweaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering a malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...

CVSS 5.5 · AI score 6.3 · EPSS 0.00221
Exploits 0 · References 3
CNNVD
added 2021/06/08 12:0 a.m. · 1 views

SAP Netweaver Information Disclosure Vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS JAVA, which can be exploited by an attacker t...

CVSS 5.5 · AI score 5.6 · EPSS 0.00221
Exploits 0 · References 3
OSV
added 2021/04/13 7:15 p.m. · 1 views

CVE-2021-21485

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user...

CVSS 6.5 · AI score 6.9
Exploits 0 · References 2
CNNVD
added 2021/04/13 12:0 a.m. · 3 views

SAP Netweaver Access Control Error Vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. SAP NetWeaver...

CVSS 6.5 · AI score 5.7 · EPSS 0.0028
Exploits 0 · References 4
CNNVD
added 2021/04/13 12:0 a.m. · 2 views

SAP NetWeaver Application Server Information Disclosure Vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server for Java versions 7.30, 7.31,...

CVSS 7.4 · AI score 5.6 · EPSS 0.00274
Exploits 0 · References 4
CNNVD
added 2021/04/13 12:0 a.m. · 2 views

SAP NetWeaver Application Server Java Security Vulnerability

SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A content spoofing vulnerability exists in SAP NetWeaver Application Server for Java versions 7.10, 7.11, 7.20,...

CVSS 4.3 · AI score 5.6 · EPSS 0.00161
Exploits 0 · References 4
Tenable Nessus
added 2021/04/09 12:0 a.m. · 171 views

SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)

SAP Netweaver Application Server Java versions before 7.30 are potentially affected by a code execution vulnerability in the invoker servlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable Network Security,...

CVSS 10 · AI score 9.2 · EPSS 0.13179
Exploits 0 · References 2
Tenable Nessus
added 2021/03/23 12:0 a.m. · 29 views

SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)

SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...

CVSS 6.1 · AI score 5.7 · EPSS 0.00133
Exploits 0 · References 3
Check Point Advisories
added 2021/03/20 12:0 a.m. · 4 views

Java Server Pages Backdoor (CVE-2022-23463)

A generic backdoor exists in Java server pages. The vulnerability is due to lack of user input sanitization. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code on the affected system...

AI score 3.6 · EPSS 0.01275
Exploits 1