Lucene search
+L

90 matches found

Zero Day Initiative
Zero Day Initiative
added 2019/03/04 12:0 a.m.25 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT perfSelItemServer getSelItemBean Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS3.5AI score0.0364EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2019/03/04 12:0 a.m.21 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice saveSelectedInterfaces Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS3.6AI score0.0364EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2019/03/04 12:0 a.m.29 views

(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice queryCustomCondition Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

8.8CVSS4.1AI score0.0364EPSS
Exploits0
Veracode
Veracode
added 2018/11/07 10:12 a.m.21 views

Cross-site Scripting (XSS)

gwt-user is vulnerable to a cross-site scripting XSS attack. The library does not sanitize multiple script elements, allowing a malicious user to inject and execute arbitrary Javascript...

4.3CVSS5.8AI score0.00992EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2018/04/26 9:29 p.m.6 views

DEBIAN-CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class when serialized with Java serialization...

5.9CVSS8.1AI score0.05119EPSS
Exploits0References1
CVE
CVE
added 2018/04/26 9:0 p.m.659 views

CVE-2018-10237

CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...

5.9CVSS5.9AI score0.05119EPSS
Exploits0References53Affected Software1
Check Point Advisories
Check Point Advisories
added 2017/09/11 12:0 a.m.26 views

HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)

An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter passed to the saveSelectedDevices method through a GWT RPC request. A remote, authenticated attacker can exploit this vulnerability by sendi...

9CVSS2.2AI score0.0572EPSS
Exploits0
Hacker One
Hacker One
added 2017/09/04 1:7 p.m.14 views

Mail.ru: Monitor

Здравствуйте обнаружил GWT Monitor http://185.5.139.198:8086/index.html Whois говорит ваше inetnum: 185.5.138.0 - 185.5.139.255 netname: MAILRU-SRV-15 descr: Mail.Ru country: RU admin-c: MAIL-RU tech-c: MAIL-RU status: ASSIGNED PA mnt-by: MNT-NETBRIDGE created: 2012-10-11T14:40:11Z last-modified:...

6.9AI score
Exploits0
appercut
appercut
added 2016/06/01 12:0 a.m.681 views

LogicalDoc Document Managment System CE: source code security analysis report

Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Отсутствие верификации цифровой подписи исполняемых файлов, полученных из...

8.1AI score
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2016/01/10 8:30 p.m.1733 views

Hackazon - A Modern Vulnerable Web App

Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and...

9.8AI score
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2014/12/28 12:0 a.m.30 views

CA ARCserve D2D GWT RPC Request Credentials Disclosure - Ver2 (CVE-2011-3011)

A credentials disclosure vulnerability has been reported in CA ARCserve D2D. The vulnerability is due to an error while processing Google Web Toolkit GWT RPC requests. A remote attacker can exploit this vulnerability by sending a specially crafted RPC request to an affected server. Successful...

5CVSS6.6AI score0.71631EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.34 views

RHEL 6 : Virtualization Manager (RHSA-2012:1506)

Red Hat Enterprise Virtualization Manager 3.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the C...

6.8CVSS5.6AI score0.00895EPSS
Exploits0References12
NVD
NVD
added 2014/11/07 11:55 a.m.21 views

CVE-2014-8671

Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...

4.3CVSS5.6AI score0.0096EPSS
Exploits1References2
Prion
Prion
added 2014/11/07 11:55 a.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...

4.3CVSS6.1AI score0.0096EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/11/07 11:0 a.m.35 views

CVE-2014-8671

CVE-2014-8671 is a cross-site scripting (XSS) vulnerability in the Android version of the GWT Mobile PhoneGap Showcase application. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. The connected sources confirm the vulnerability a...

4.3CVSS5.8AI score0.0096EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/11/07 11:0 a.m.25 views

CVE-2014-8671

Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...

5.6AI score0.0096EPSS
Exploits1References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

hupa webmail 0.0.2 - Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: Hupa Webmail Stored XSS Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://james.apache.org/hupa/ Software Link: http://repo1.maven.org/maven2/org/apache/james/hupa/hupa/0.0.2/hupa-0.0.2.war Version...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.38 views

CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities

No description provided by source. Exploit Title:CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution Google Dork: / Date: 25 July 2011 Author: rgod Software Link: / Version: r15.0 Tested on: Microsoft Windows Server 2003 r2 sp2 CVE : none ?php / CA...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

CA Arcserve D2D GWT RPC Credential Information Disclosure

No description provided by source. $Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/05/14 2:3 a.m.125 views

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...

8.4AI score
Exploits0
Rows per page
Query Builder