303 matches found
UBUNTU-CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a cross-platform, open source Real-Time Collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It is capable of building efficient instant messaging servers and supporting te...
Coremail XT Cross-Site Scripting Vulnerability
Coremail XT is an enterprise-class mail system from China Yingshi Computer Technology Company. The system supports sending and receiving emails, an enterprise address book, an enterprise cloud disk and schedule synchronization. A cross-site scripting vulnerability exists in jsp/upload.jsp in...
Eclipse Jetty Access Control Error Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that arises when a system's temporary directory is shared among all users on that system. Concurrent users could observe the creation...
SAP NetWeaver Application Server Java Input Validation Error Vulnerability
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java. No detailed vulnerability...
IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 Multiple Vulnerabilities (296865)
The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15 or 8.5.0.x prior to 8.5.5.13. It is, therefore, affected by two information disclosure vulnerabilities in the Java Server Faces (JSF) subcomponent. - IBM WebSphere Application Server allows a remote...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
ca.uhnresearch.pughlab:java-server (>=1.0.3 <=1.0.5), com.almende.eve:eve-tests (>=3.0.0 <=3.1.0) +53 more potentially affected by CVE-2015-0254 via org.apache.taglibs:taglibs-standard-impl (=1.2.1)
org.apache.taglibs:taglibs-standard-impl MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.taglibs:taglibs-standard-impl and may be impacted: - ca.uhnresearch.pughlab:java-server =1.0.3, =3.0.0, =3.0.0, =3.0.0, =2.1.1,...
File Upload Vulnerability in Team CMS
Team CMS is an enterprise website building system developed with JSP and MySQL. Team CMS has a file upload vulnerability that can be exploited by attackers to gain server administrative privileges...
UBUNTU-CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server Shipped with Predictive Customer Intelligence (CVE-2017-1583, CVE-2011-4343)
Summary: WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin: Multipl...
CVE-2020-4163
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as JSP content and executed. IBM X-Force ID: 174397...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2017-1583, CVE-2011-4343)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...
VulnCheck KEV: CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
Eclipse Jetty Cross-Site Scripting Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in Eclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...
CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in Jetty before 6.1.22...
SQL Injection Vulnerability in Panmicro e-cology va***.jsp
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...