CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

79 matches found

securityvulns•added 2012/02/12 12:0 a.m.•66 views

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability

-------------------------------------------------------------------------------------------------- CVE-2011-4367: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.11 MyFaces Core 2.1.0 to...

5CVSS0.5AI score0.8592EPSS

Exploits2

securityvulns•added 2012/02/12 12:0 a.m.•53 views

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability

5CVSS0.5AI score0.8592EPSS

Exploits2

OpenVAS•added 2012/02/11 12:0 a.m.•23 views

Debian Security Advisory DSA 2359-1 (mojarra)

The remote host is missing an update to mojarra announced via advisory DSA 2359-1. OpenVAS Vulnerability Test $Id: deb23591.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2359-1 mojarra Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

6.4CVSS0.5AI score0.00222EPSS

Exploits0

OpenVAS•added 2012/02/11 12:0 a.m.•16 views

Debian: Security Advisory (DSA-2359-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.5AI score0.00222EPSS

Exploits0References3

Tenable Nessus•added 2012/01/12 12:0 a.m.•22 views

Debian DSA-2359-1 : mojarra - EL injection

It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

6.4CVSS5.3AI score0.00222EPSS

Exploits0References3

securityvulns•added 2011/12/12 12:0 a.m.•44 views

[SECURITY] [DSA 2359-1] mojarra security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2359-1 [email protected] http://www.debian.org/security/ Florian Weimer December 06, 2011 http://www.debian.org/security/faq -...

6.4CVSS2.9AI score0.00222EPSS

Exploits0

Debian•added 2011/12/06 7:59 p.m.•26 views

[SECURITY] [DSA 2359-1] mojarra security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2359-1 [email protected] http://www.debian.org/security/ Florian Weimer December 06, 2011 http://www.debian.org/security/faq -...

6.4CVSS5.7AI score0.00222EPSS

Exploits0

OSV•added 2011/12/06 12:0 a.m.•13 views

DSA-2359-1 mojarra - EL injection

Bulletin has no description...

6.4CVSS6.3AI score0.00222EPSS

Exploits0

seebug.org•added 2011/12/01 12:0 a.m.•48 views

Apache MyFaces EL表达式求值安全绕过漏洞

Bugtraq ID: 50848 CVE ID：CVE-2011-4359 Apache MyFaces是一款JavaServer Faces技术开源实现。 Apache MyFaces存在安全漏洞，允许恶意用户绕过部分安全限制。问题是由于解析Java Bean中的参数存在错误，可导致部分参数以EL表达式语言表达式求值。成功利用漏洞需要Java Bean中"includeViewParameters"设置为"true"。 Apache MyFaces 2.1.x 厂商解决方案用户可参考如下供应商提供的安全公告获得补丁信息：...

6.5AI score

Exploits2

NVD•added 2011/10/29 10:55 a.m.•11 views

CVE-2011-1368

The JavaServer Faces JSF application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors...

5CVSS6.3AI score0.00207EPSS

Exploits1References3

Prion•added 2011/10/29 10:55 a.m.•12 views

Code injection

5CVSS6.8AI score0.00207EPSS

Exploits1References3Affected Software1

Tenable Nessus•added 2011/09/30 12:0 a.m.•95 views

IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into...

7.8CVSS7.6AI score0.90865EPSS

Exploits19References9

ThreatPost•added 2010/06/08 1:10 p.m.•8 views

Tool Expoits Data Flaws in JavaServer Faces

Researchers have released software that exposes private information and executes arbitrary code on sensitive websites by exploiting weaknesses in the widely used web development technology JavaServer Faces. Read the full article. The Register...

4.6AI score

Exploits0References1

seebug.org•added 2010/05/31 12:0 a.m.•44 views

Apache MyFaces ViewState远程跨站脚本漏洞

CVE ID: CVE-2010-2086 Apache MyFaces是JavaServer Faces标准的开源实现。在没有加密view state的情况下，远程攻击者就可以通过在请求中向Apache MyFaces提供新的或修改的view对象执行跨站脚本或任意EL语句。成功利用这个漏洞要求修改非明文存储的序列化view对象。 Apache Group MyFaces 1.2.8 Apache Group MyFaces 1.1.7 厂商补丁： Apache Group ------------...

4CVSS6.5AI score0.02948EPSS

Exploits1

seebug.org•added 2010/05/31 12:0 a.m.•41 views

Oracle Mojarra ViewState远程跨站脚本漏洞

CVE ID: CVE-2010-2087 Mojarrais是JavaServer Faces标准的开源实现。在没有加密view state的情况下，远程攻击者就可以通过在请求中向Mojarrais提供新的或修改的view对象执行跨站脚本或任意EL语句。成功利用这个漏洞要求修改非明文存储的序列化view对象。 Oracle Mojarra 2.0.2 Oracle Mojarra 1.214 厂商补丁： Oracle ------ 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.oracle.com...

4.3CVSS6.5AI score0.0025EPSS

Exploits2

seebug.org•added 2008/08/06 12:0 a.m.•55 views

JBoss Enterprise Application Platform信息泄漏漏洞

BUGTRAQ ID: 30540 CVE ID:CVE-2008-3273 CVE-2008-1285 CNCVE ID：CNCVE-20083273 CNCVE-20081285 JBoss Enterprise Application Platform是一款企业级应用平台。 JBoss Enterprise Application Platform存在信息泄漏问题，远程攻击者可以利用漏洞获得配置的WEB上下文，或进行跨站脚本攻击。 -JavaServer Faces JSF组件存在多个跨站脚本攻击，可导致注入任意WEB脚本或HTML。...

5CVSS0.414EPSS

Exploits6

RedHat Linux•added 2008/08/05 8:16 a.m.•49 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0CP01 security update

Updated JBoss Enterprise Application Platform JBoss EAP packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss EAP is a middleware platform for Java 2...

5CVSS7.4AI score0.414EPSS

Exploits6References4

RedHat Linux•added 2008/08/05 7:56 a.m.•7 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP01 security update

Updated JBoss Enterprise Application Platform JBoss EAP packages that fix various security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. JBoss EAP is a middleware platform for Java 2...

5CVSS7.4AI score0.414EPSS

Exploits6References4

RedHat Linux•added 2008/08/05 7:54 a.m.•1 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.9AI score0.00681EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by