
CVE
added 2016/04/11 2:00 p.m., 56 views

CVE-2016-0711

Apache Jetspeed is vulnerable to cross-site scripting via the title field when adding a link, page, or folder, due to insufficient validation of user input. A remote attacker could inject scripts into pages viewed by users, potentially executing in the browser and, per IBM advisory, may enable th...

6.1 CVSS, 6.3 AI score, 0.03065 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2016/04/11 2:00 p.m., 18 views

CVE-2016-2171

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...

7.7 AI score, 0.42673 EPSS
Exploits 0, References 3
CVE
added 2016/04/11 2:00 p.m., 71 views

CVE-2016-0710

CVE-2016-0710 is a SQL injection vulnerability in the Apache Jetspeed User Manager. The issue allows remote attackers to manipulate the back-end database by injecting SQL through the (1) role or (2) user parameter to services/usermanager/users/, before Jetspeed 2.3.1. Public references in the conne...

8.8 CVSS, 9.3 AI score, 0.52351 EPSS
Exploits 5, References 6, Affected Software 1
CVE
added 2016/04/11 2:00 p.m., 92 views

CVE-2016-0709

CVE-2016-0709 is a directory traversal vulnerability in the Apache Jetspeed Portal Site Manager Import/Export function. An authenticated administrator could craft a ZIP archive containing dot-dot sequences to place arbitrary files (e.g., a JSP) on disk, enabling remote code execution. Affected ve...

9 CVSS, 7 AI score, 0.77495 EPSS
Exploits 5, References 6, Affected Software 1
OpenVAS
added 2016/04/01 12:00 a.m., 14 views

Apache Jetspeed Detection

Detection of Apache Jetspeed Open Portal. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

7 AI score
Exploits 0
OpenVAS
added 2016/04/01 12:00 a.m., 32 views

Apache Jetspeed Multiple Vulnerabilities (Mar 2016)

Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...

9 CVSS, 6.8 AI score, 0.77495 EPSS
Exploits 9, References 2
0day.today
added 2016/03/31 12:00 a.m., 69 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

Exploit for the Java platform in the remote exploits category. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecure...

9 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits 7
Packet Storm
added 2016/03/31 12:00 a.m., 47 views

Apache Jetspeed Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

9 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits 7
Exploit DB
added 2016/03/31 12:00 a.m., 75 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

8.1 AI score
Exploits 0
Tenable Nessus
added 2016/03/28 12:00 a.m., 12 views

Apache Jetspeed Detection

Binary data apachejetspeeddetect.nbin...

7.3 AI score
Exploits 0, References 1
Tenable Nessus
added 2016/03/28 12:00 a.m., 35 views

Apache Jetspeed User Manager Service SQLi

The Apache Jetspeed application running on the remote host is affected by a SQL injection vulnerability in the User Manager service due to improper sanitization of user-supplied input to the 'user' and 'role' parameters. An unauthenticated, remote attacker can exploit this to inject SQL queries,...

8.8 CVSS, 8 AI score, 0.52351 EPSS
Exploits 5, References 2
Tenable Nessus
added 2016/03/28 12:00 a.m., 21 views

Apache Jetspeed Portal URI Path Reflected XSS

The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability in the /portal script due to improper validation of URI path input before returning it to users. An unauthenticated, remote attacker can exploit this, via a specially...

6.1 CVSS, 7.1 AI score, 0.03203 EPSS
Exploits 1, References 2
Metasploit
added 2016/03/24 12:22 a.m., 72 views

Apache Jetspeed Arbitrary File Upload

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...

8.8 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits 7
CNVD
added 2016/03/16 12:00 a.m., 6 views

Apache Jetspeed Cross-Site Scripting Vulnerability

Jetspeed is an open portal platform and enterprise information portal from the Apache Software Foundation (United States), developed using Java and XML. A cross-site scripting vulnerability exists in Jetspeed versions 2.2.0 through 2.2.2. The vulnerability can be exploited to inject...

6.1 CVSS, 6 AI score, 0.03203 EPSS
Exploits 1, References 1
seebug.org
added 2016/03/15 12:00 a.m., 19 views

Apache Jetspeed Stored Cross-Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits 0
seebug.org
added 2016/03/14 12:00 a.m., 16 views

Apache Jetspeed Cross-Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits 0
myhack58
added 2016/03/10 12:00 a.m., 27 views

Apache Jetspeed Portal 2.3.0 and earlier versions: remote code execution vulnerability analysis - vulnerability warning - the black bar safety net

As one of my personal "friendly open source software security detection" projects, I'm ready to play with Apache Jetspeed 2, v2.3.0. Jetspeed, in its own words, is: "An open portal platform and enterprise information portal, completely based on open standards,...

0.3 AI score
Exploits 0
CNVD
added 2016/03/09 12:00 a.m., 8 views

Apache Jetspeed User Management REST API Unauthorized Access Vulnerability

Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, through XSL technology, organize the data into a JSP or HTML page for the client; Jetspeed also supports templates and content publishing...

8.8 CVSS, 6.8 AI score, 0.52351 EPSS
Exploits 5, References 1
seebug.org
added 2016/03/07 12:00 a.m., 68 views

Apache Jetspeed User Management REST API Unauthorized Access Vulnerability

Vulnerability effect: the user management REST API is unauthenticated. Construct a user management REST API request to create user foobar: curl -i "http://192.168.199.152:8080/jetspeed/services/usermanager/users/?type=json&name=foobar&password=password&passwordconfirm=password&usernamegiven=foo&usernamefamily=bar&[email protected]&newrule=" -X POST Construct a user management REST API request to promote user foobar...

9 CVSS, 7.3 AI score, 0.77495 EPSS
Exploits 5
seebug.org
added 2016/03/07 12:00 a.m., 50 views

Apache Jetspeed Directory Traversal Vulnerability

Using an administrator account, import a maliciously constructed ZIP file in the back-end Portal Site Manager; the ZIP archive contains a file named ../../webapps/de.jsp, and the back end concatenates this file name when handling the upload, causing directory traversal and control over the upload path. poc.zip contains a file named ../../webapps/ROOT/de.jsp whose content is "is vulnerable:". After upload, de.jsp can be accessed in the site root, depending on the target environment. Although exploiting the directory traversal to upload arbitrary files requires an account with administrative privileges, the previous vulnerability makes it easy to create an arbitrary account with administrator privileges, after which this vulnerability can be used to upload...

7.5 CVSS, 8.7 AI score, 0.52351 EPSS
Exploits 5