9 matches found
Zhiyuan OA - arbitrary file upload leading
Exploit Title: Zhiyuan OA - arbitrary file upload leading Google Dork / FOFA: app="致远互联-OA" && title="V8.0SP2" Date: 1-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://service.seeyon.com/ Software Link: vendor download / product page if available Version: 5.0, 5.1–5.6sp1,...
PT-2024-12123 · Xpand It · Xpand It Write-Back Manager
Name of the Vulnerable Software and Affected Versions: Xpand IT Write-back Manager version 2.3.1 Description: An arbitrary file upload issue allows attackers to execute arbitrary code via a crafted jsp file. Recommendations: For Xpand IT Write-back Manager version 2.3.1, consider restricting file...
Apache Tomcat Open Redirect Vulnerability (CNVD-2023-80565)
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements Servlet and JavaServer Page (JSP) support. An open redirection vulnerability exists in Apache Tomcat, which stems from the FORM authentication feature not handling target...
Apache Tomcat Request Obfuscation Vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements Servlet and JavaServer Page (JSP) support. Apache Tomcat suffers from a request obfuscation vulnerability that stems from the fact that if a Web application sends a...
Apache Tomcat Resource Management Error Vulnerability (CNVD-2021-83785)
Apache Tomcat is a lightweight Web application server from the Apache Foundation USA. The program implements support for Servlet and JavaServer Page (JSP). A security vulnerability exists in Apache Tomcat, which stems from a web system or product that does not properly validate data boundaries when...
PublicCMS Remote Code Execution Vulnerability
PublicCMS is an open source content management system (CMS) written in Java. A security vulnerability exists in PublicCMS version 4.0.20180210. A remote attacker can exploit this vulnerability by uploading a ZIP archive file containing a .jsp file with a directory traversal pathname to execute...
Tomcat/JBossWeb: Arbitrary file upload via deserialization
It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview: The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description: Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet,...
Apache Tomcat JavaServer Page technology server AJP12 DoS
No description provided...