CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

303 matches found

Packet Storm•added 2009/05/05 12:0 a.m.•25 views

Sun Glassfish Woodstock Project 4.2 XSS

Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...

0.2AI score

Exploits0

RedHat Linux•added 2008/08/13 2:17 p.m.•1 views

tomcat examples jsp XSS

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

4.3CVSS5.8AI score0.5214EPSS

Exploits1References4

RedHat Linux•added 2008/08/05 8:16 a.m.•1 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.9AI score0.00681EPSS

Exploits1References4

RedHat Linux•added 2008/08/05 7:58 a.m.•1 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.9AI score0.00681EPSS

Exploits1References4

RedHat Linux•added 2008/06/30 3:33 p.m.•3 views

tomcat manager example DoS

Multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 el/functions.jsp, 2 el/implicit-objects.jsp, and 3 jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...

4.3CVSS5.6AI score0.07788EPSS

Exploits0References4

RedHat Linux•added 2008/05/20 2:12 p.m.•3 views

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...

4.3CVSS5.9AI score0.11248EPSS

Exploits0References4

Prion•added 2008/03/11 5:44 p.m.•21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.8AI score0.00681EPSS

Exploits1References14Affected Software1

NVD•added 2008/03/11 5:44 p.m.•15 views

CVE-2008-1285

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.5AI score0.00681EPSS

Exploits1References14

Cvelist•added 2008/03/11 5:0 p.m.•21 views

CVE-2008-1285

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

5.5AI score0.00681EPSS

Exploits1References14

Cvelist•added 2007/10/29 7:0 p.m.•21 views

CVE-2002-2347

Cross-site scripting XSS vulnerability in Oracle Java Server Page OJSP demo files 1 hellouser.jsp, 2 welcomeuser.jsp and 3 usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...

7.4AI score0.00369EPSS

Exploits0References3

Cent OS•added 2007/09/28 8:11 a.m.•81 views

tomcat5 security update

CentOS Errata and Security Advisory CESA-2007:0871 Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java...

4.3CVSS5.8AI score0.81412EPSS

Exploits6References7

RedHat Linux•added 2007/09/26 8:27 a.m.•39 views

Moderate: Red Hat Security Advisory: tomcat security update

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat...

4.3CVSS5.8AI score0.81412EPSS

Exploits6References5

RedHat Linux•added 2007/07/17 10:36 a.m.•1 views

tomcat examples jsp XSS

4.3CVSS5.8AI score0.5214EPSS

Exploits1References4

seebug.org•added 2007/06/18 12:0 a.m.•33 views

Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞

Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求，远程攻击者可以利用漏洞进行跨站脚本攻击，获得敏感信息。当从POST或者GET请求解析'autoscroll'参数时，由于不充分过滤，可导致提交恶意脚本代码作为参数，当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序： Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...

7.1AI score

Exploits0

securityvulns•added 2007/06/15 12:0 a.m.•50 views

iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability

Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...

4.3CVSS0.2AI score0.62756EPSS

Exploits0

NVD•added 2007/05/30 10:30 a.m.•13 views

CVE-2007-2904

Cross-site scripting XSS vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653...

4.3CVSS5.8AI score0.00321EPSS

Exploits0References3

RedHat Linux•added 2007/05/08 2:53 p.m.•3 views

tomcat manager example DoS

4.3CVSS5.6AI score0.07788EPSS

Exploits0References4

CVE•added 2006/05/25 10:0 a.m.•42 views

CVE-2005-4805

Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.

5CVSS7.2AI score0.0052EPSS

Exploits0References5Affected Software1

Cvelist•added 2006/05/25 10:0 a.m.•16 views

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages JSP via unknown vectors...

6.8AI score0.0052EPSS

Exploits0References5

Cvelist•added 2005/07/14 4:0 a.m.•18 views

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages JSP in the 1 test/jsp, 2 samples/jsp and 3 examples/jsp directories, or the 4...

6.3AI score0.22609EPSS

Exploits1References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by