90 matches found
(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT perfSelItemServer getSelItemBean Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice saveSelectedInterfaces Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
(0Day) Hewlett Packard Enterprise Intelligent Management Center GWT deviceservice queryCustomCondition Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Cross-site Scripting (XSS)
gwt-user is vulnerable to a cross-site scripting XSS attack. The library does not sanitize multiple script elements, allowing a malicious user to inject and execute arbitrary Javascript...
DEBIAN-CVE-2018-10237
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class when serialized with Java serialization...
CVE-2018-10237
CVE-2018-10237 affects Google Guava 11.0–24.x before 24.1.1. Unbounded memory allocation occurs during Java serialization of AtomicDoubleArray and GWT serialization of CompoundOrdering, enabling potential denial-of-service via memory exhaustion. Root cause is eager allocation without checks on cl...
HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. The vulnerability is due to insufficient handling of a parameter passed to the saveSelectedDevices method through a GWT RPC request. A remote, authenticated attacker can exploit this vulnerability by sendi...
Mail.ru: Monitor
Здравствуйте обнаружил GWT Monitor http://185.5.139.198:8086/index.html Whois говорит ваше inetnum: 185.5.138.0 - 185.5.139.255 netname: MAILRU-SRV-15 descr: Mail.Ru country: RU admin-c: MAIL-RU tech-c: MAIL-RU status: ASSIGNED PA mnt-by: MNT-NETBRIDGE created: 2012-10-11T14:40:11Z last-modified:...
LogicalDoc Document Managment System CE: source code security analysis report
Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: Утечка пользовательских данных между сессиями Использование XSL трансформации для исполнения произвольного кода Отсутствие верификации цифровой подписи исполняемых файлов, полученных из...
Hackazon - A Modern Vulnerable Web App
Hackazon is a free, vulnerable test site that is an online storefront built with the same technologies used in today’s rich client and mobile applications. Hackazon has an AJAX interface, strict workflows and RESTful API’s used by a companion mobile app providing uniquely-effective training and...
CA ARCserve D2D GWT RPC Request Credentials Disclosure - Ver2 (CVE-2011-3011)
A credentials disclosure vulnerability has been reported in CA ARCserve D2D. The vulnerability is due to an error while processing Google Web Toolkit GWT RPC requests. A remote attacker can exploit this vulnerability by sending a specially crafted RPC request to an affected server. Successful...
RHEL 6 : Virtualization Manager (RHSA-2012:1506)
Red Hat Enterprise Virtualization Manager 3.1 is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the C...
CVE-2014-8671
Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...
Cross site scripting
Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...
CVE-2014-8671
CVE-2014-8671 is a cross-site scripting (XSS) vulnerability in the Android version of the GWT Mobile PhoneGap Showcase application. The issue allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field. The connected sources confirm the vulnerability a...
CVE-2014-8671
Cross-site scripting XSS vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name field...
hupa webmail 0.0.2 - Stored XSS
No description provided by source. !/usr/bin/python ''' Exploit Title: Hupa Webmail Stored XSS Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://james.apache.org/hupa/ Software Link: http://repo1.maven.org/maven2/org/apache/james/hupa/hupa/0.0.2/hupa-0.0.2.war Version...
CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities
No description provided by source. Exploit Title:CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution Google Dork: / Date: 25 July 2011 Author: rgod Software Link: / Version: r15.0 Tested on: Microsoft Windows Server 2003 r2 sp2 CVE : none ?php / CA...
CA Arcserve D2D GWT RPC Credential Information Disclosure
No description provided by source. $Id: caarcserverpcauthbypass.rb 13467 2011-08-01 21:20:29Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
WVS v9.5 - Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...