
1225 matches found

CVE
added 2019/05/31 9:22 p.m. | 262 views

CVE-2019-9106

The CVE-2019-9106 vulnerability affects WebApp v04.68 in the SAET Impianti Speciali TEBE Small 05.01 build 1137 supervisor. It enables remote attackers to execute or include local PHP files, demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php. Root cause i...

9.8 CVSS | 9.1 AI score | 0.02791 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2019/05/31 9:21 p.m. | 21 views

CVE-2019-9105

The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/RESTAPI.php?command=CallAPI&customurl=alladminusers...

7.7 AI score | 0.02397 EPSS
Exploits 1 | References 2
CVE
added 2019/05/31 9:21 p.m. | 257 views

CVE-2019-9105

The CVE-2019-9105 entry concerns WebApp v04.68 on SAET Impianti Speciali TEBE Small 05.01 build 1137 shown as vulnerable to unauthenticated API calls, demonstrated by returning password hashes via inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers. Connected documents corroborate an a...

7.5 CVSS | 7.6 AI score | 0.02397 EPSS
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2019/04/15 12:0 a.m. | 3 views

Zarafa Webapp Cross-Site Scripting Vulnerability

Zarafa is a commercial, collaborative software solution from the Dutch company Zarafa. The product offers features such as email and webmail services, address book and calendar. Zarafa Webapp is a Web-based client application. A cross-site scripting vulnerability exists in Zarafa Webapp 2.0.1.4779...

6.1 CVSS | 6.4 AI score | 0.05173 EPSS
Exploits 0 | References 1
OSV
added 2019/04/11 7:29 p.m. | 3 views

CVE-2019-7219

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead...

6.1 CVSS | 6.3 AI score | 0.05173 EPSS
Exploits 0 | References 2
NVD
added 2019/04/11 7:29 p.m. | 19 views

CVE-2019-7219

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead...

6.1 CVSS | 6 AI score | 0.05173 EPSS
Exploits 0 | References 2
Prion
added 2019/04/11 7:29 p.m. | 22 views

Cross site scripting

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead...

4.3 CVSS | 5.9 AI score | 0.05173 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/04/11 6:43 p.m. | 19 views

CVE-2019-7219

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead...

6 AI score | 0.05173 EPSS
Exploits 0 | References 2
CVE
added 2019/04/11 6:43 p.m. | 73 views

CVE-2019-7219

Zarafa WebApp

6.1 CVSS | 5.9 AI score | 0.05173 EPSS
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2019/03/25 8:40 a.m. | 27 views

Cross-Site Scripting (XSS)

Apache ActiveMQ is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...

4.3 CVSS | 8.6 AI score | 0.06018 EPSS
Exploits 1 | References 6 | Affected Software 1
Kitploit
added 2019/01/28 8:43 p.m. | 134 views

ADAPT - Tool That Performs Automated Penetration Testing For WebApps

ADAPT is a tool that performs Automated Dynamic Application Penetration Testing for web applications. It is designed to increase accuracy, speed, and confidence in penetration testing efforts. ADAPT automatically tests for multiple industry standard OWASP Top 10 vulnerabilities, and outputs...

7.1 AI score
Exploits 0 | References 3
Veracode
added 2019/01/28 2:45 a.m. | 5 views

Cross-site Scripting (XSS)

cas-server-webapp is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because the security questions in casResetPasswordVerifyQuestionsView.html can contain HTML tags and are not sanitized, allowing XSS attacks...

5.2 AI score
Exploits 0
ATTACKERKB
added 2018/11/25 12:0 a.m. | 69 views

CVE-2018-19518

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote...

8.5 CVSS | 2.5 AI score | 0.9523 EPSS
Exploits 6 | References 20
vulnersOsv
added 2018/10/18 4:57 p.m. | 4 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.3.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.3.2) +6 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.3.2)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.3.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...

8.8 CVSS | 7.2 AI score | 0.01609 EPSS
Exploits 3
vulnersOsv
added 2018/10/18 4:57 p.m. | 2 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (=1.3.0), org.apache.cxf.fediz.examples:springPreauthWebapp (=1.3.0) +4 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (=1.3.0)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring and may be impacted: - org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp =1.3.0 -...

9.8 CVSS | 7.2 AI score | 0.03986 EPSS
Exploits 0
vulnersOsv
added 2018/10/18 4:56 p.m. | 2 views

org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.4.3), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.4.3) +6 more potentially affected by CVE-2018-8038 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.4.3)

org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.4.3 Source cves: CVE-2018-8038 Source advisory: OSV:GHSA-W3GH-G32M-CVHR...

7.5 CVSS | 7 AI score | 0.1073 EPSS
Exploits 0
OpenVAS
added 2018/09/17 12:0 a.m. | 102 views

Mattermost Server Detection (HTTP)

HTTP based detection of Mattermost Server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108464...

5.4 AI score
Exploits 0
Veracode
added 2018/07/24 2:28 a.m. | 17 views

Cross-site Scripting (XSS)

tomee-webapp is vulnerable to cross-site scripting (XSS) attacks. The library does not properly handle URLs, allowing a malicious user to inject and execute arbitrary JavaScript through it...

6.1 CVSS | 6 AI score | 0.02003 EPSS
Exploits 0 | References 3 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 2:40 p.m. | 16 views

Security Bulletin: TADDM – Security improvement: AXIS in TADDM reveal configuration information without authentication.

Summary Default deployment of AXIS webapp may allow access to TADDM configuration information. TADDM security improvement deployed starting from TADDM 7.2.1.5 and in TADDM 7.2.2 prevents improper access. Vulnerability Details CVE-2013-3018 Description AXIS webapp deployed by default in...

5.3 CVSS | 5.1 AI score | 0.01994 EPSS
Exploits 0 | Affected Software 1
Circl
added 2018/05/29 3:50 p.m. | 3 views

CVE-2012-10045

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/xodafileupload.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

9.3 CVSS | 5.7 AI score | 0.01064 EPSS
Exploits 0 | References 1