Lucene search

237 matches found

Prion
added 2015/09/04 1:59 a.m. | 19 views

Code injection

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

CVSS 9.4 | AI score 7.3 | EPSS 0.02817
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2015/09/04 1:0 a.m. | 61 views

CVE-2015-6259

CVE-2015-6259 affects Cisco Integrated Management Controller (IMC) Supervisor prior to 1.0.0.1 and Cisco UCS Director prior to 5.2.0.1. The JSP component enables remote attackers to overwrite arbitrary files via crafted HTTP requests, a vulnerability tracked as CSCus36435/CSCus62625. The issue is...

CVSS 9.4 | AI score 7 | EPSS 0.02817
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/09/04 1:0 a.m. | 26 views

CVE-2015-6259

The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 allows remote attackers to write to arbitrary files via crafted HTTP requests, aka Bug IDs CSCus36435 and...

AI score 6.8 | EPSS 0.02817
Exploits: 0 | References: 2

ThreatPost
added 2015/09/03 1:40 p.m. | 8 views

Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director

Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controller Supervisor and UCS Director software. The...

AI score 1.9
Exploits: 0 | References: 1

RedHat Linux
added 2015/08/04 5:15 p.m. | 5 views

PortletBridge: information disclosure via auto-dispatching of non-JSF resources

It was found that PortletBridge PortletRequestDispatcher did not respect security constraints set by the servlet if a portlet request asked for rendering of a non-JSF resource such as JSP or HTML. A remote attacker could use this flaw to potentially bypass certain security constraints and gain...

CVSS 5.8 | AI score 5.8 | EPSS 0.01648
Exploits: 0 | References: 4

0day.today
added 2015/06/14 12:0 a.m. | 44 views

ZCMS 1.1 Cross Site Scripting / SQL Injection Vulnerabilities

ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt; Vendor:...

AI score 7.9
Exploits: 0

securityvulns
added 2015/06/14 12:0 a.m. | 78 views

ZCMS SQL Injection & Persistent XSS

Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt; Vendor: http://zencherry.com/ http://sourceforge.net/projects/zencherrycms; Product:...

AI score 7.3
Exploits: 0

0day.today
added 2015/06/13 12:0 a.m. | 23 views

ZCMS 1.1 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link:...

AI score 7.1
Exploits: 0

exploitpack
added 2015/06/12 12:0 a.m. | 30 views

ZCMS 1.1 - Multiple Vulnerabilities

ZCMS 1.1 - Multiple Vulnerabilities Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link:...

CVSS 7.5 | AI score 7.6 | EPSS 0.037
Exploits: 5

Exploit DB
added 2015/06/12 12:0 a.m. | 48 views

ZCMS 1.1 - Multiple Vulnerabilities

Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link: sourceforge.net/projects/zencherrycms Version: 1.1 Tested on:...

CVSS 9.8 | AI score 6.2 | EPSS 0.037
Exploits: 5

OpenVAS
added 2015/06/09 12:0 a.m. | 27 views

RedHat Update for tomcat RHSA-2015:0983-01

The remote host is missing an update for the...

CVSS 6.4 | AI score 6.8 | EPSS 0.21045
Exploits: 0 | References: 2

Tenable Nessus
added 2015/05/13 12:0 a.m. | 44 views

RHEL 6 : tomcat6 (RHSA-2015:0991)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0991 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the ChunkedInputFilter in...

CVSS 6.4 | AI score 6.6 | EPSS 0.21045
Exploits: 0 | References: 6

Tenable Nessus
added 2015/05/13 12:0 a.m. | 37 views

CentOS 7 : tomcat (CESA-2015:0983)

Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from...

CVSS 6.4 | AI score 6.6 | EPSS 0.21045
Exploits: 0 | References: 2

CNVD
added 2015/04/26 12:0 a.m. | 3 views

Multiple IBM Rational Products Jazz Help System Information Disclosure Vulnerabilities

IBM Rational CLM, Rational Team Concert (RTC), and Rational Engineering Lifecycle Manager are collaborative lifecycle management solutions; Rational Quality Manager (RQM) is a set of collaborative, Web-based quality management solutions; Rational Requirements Composer and Rational DOORS Next Generati...

CVSS 5 | AI score 6.4 | EPSS 0.01209
Exploits: 0 | References: 1

Fedora
added 2015/02/23 8:3 a.m. | 31 views

[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 6.4 | AI score 2.8 | EPSS 0.21045
Exploits: 1

securityvulns
added 2014/12/29 12:0 a.m. | 54 views

[ANN] Apache Struts 2.3.20 GA release available with security fix

The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...

AI score 0.2
Exploits: 0

Fedora
added 2014/09/26 9:2 a.m. | 43 views

[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 5.8 | AI score 2.8 | EPSS 0.16833
Exploits: 5

ThreatPost
added 2014/09/10 3:31 p.m. | 28 views

Apache Warns of Tomcat Remote Code Execution Vulnerability

Some older versions of the open source Apache Tomcat web server and servlet container are vulnerable to remote code execution. In what Mark Thomas, a longtime Apache Tomcat committer, calls “limited circumstances,” a user could upload malicious JavaServer Pages (JSP) to a server running Tomcat, an...

CVSS 6.8 | AI score 9.1 | EPSS 0.1399
Exploits: 0 | References: 2

Fedora
added 2014/08/23 2:0 a.m. | 86 views

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...

CVSS 7.5 | AI score 1.5 | EPSS 0.95821
Exploits: 4

RedHat Linux
added 2014/08/21 3:29 p.m. | 7 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...

CVSS 4.3 | AI score 6.6 | EPSS 0.07616
Exploits: 0 | References: 4