303 matches found
CVE-2019-0318
Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...
Exploit for CVE-2007-2447
This is a proof-of-concept (PoC) exploit repository for various...
CVE-2019-0305
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
OFCMS background editUploadImage file upload vulnerability
OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...
CVE-2019-9612
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/comn/service/upload URI...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI...
RichFaces Expression Language Injection Vulnerability
RichFaces Framework is an open source JSF component framework. A security vulnerability exists in RichFaces Framework versions 3.X through 3.3.4. A remote attacker can exploit the vulnerability to execute arbitrary code...
GHSA-PJFR-QF3P-3Q25 When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...
CVE-2018-3210
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server...
CVE-2018-2911
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server...
Buffer overflow
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server...
CVE-2018-3210
CVE-2018-3210 affects Oracle GlassFish Server 3.1.2 (Oracle Fusion Middleware), specifically the Java Server Faces subcomponent. An unauthenticated attacker with network access via HTTP can read a subset of data from the server. Public records in the provided documents confirm CVSSv3.0 base score...
CVE-2018-2911
Oracle GlassFish Server (Fusion Middleware, Java Server Faces subcomponent) is affected in version 3.1.2. An unauthenticated attacker with network access over HTTP can compromise the server, potentially exposing or altering data and enabling partial denial of service. The CVE-2018-2911 descriptio...
Unspecified Vulnerability in Oracle GlassFish Server (CNVD-2018-24379)
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. GlassFish Server is one of the application server components. A security vulnerability exists in th...
Unspecified Vulnerability in Oracle GlassFish Server (CNVD-2019-38558)
Oracle Fusion Middleware is a digital business platform for enterprise and cloud computing, and Oracle GlassFish Server is an implementation of the Java Platform, Enterprise Edition (Java EE) 6 specification that provides a flexible, lightweight, production-ready Java EE 6 application server. An...
Security Bulletin: Multiple vulnerabilities have been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2017-1583)
Summary: Multiple vulnerabilities in Java Server Faces (JSF) affect WebSphere Application Server that is shipped as a component of IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Information about a security vulnerability affecting WebSphere Application Server has been published in a...
Security Bulletin: Multiple vulnerabilities affect Java Server Faces (JSF) used by WebSphere Application Server shipped with Jazz for Service Management (CVE-2017-1583, CVE-2011-4343)
Summary: There are two potential information disclosure vulnerabilities that affect the Java Server Faces (JSF) component used by WebSphere Application Server. Vulnerability Details: CVEID: CVE-2017-1583 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to obtain sensitive...