Lucene search
+L

14 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-8964

Malware in sbrugna...

9.8CVSS9.2AI score0.05027EPSS
Exploits0References10
redhatcve
redhatcve
added 2025/05/22 12:47 p.m.10 views

CVE-2018-17200

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

9.8CVSS7AI score0.05027EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2021/04/14 12:0 a.m.6 views

PT-2021-12074 · Unknown · Httpengine

Name of the Vulnerable Software and Affected Versions: HTTPEngine affected versions not specified Description: The issue arises from improper sanitization of user input in HTTPEngine.Handle, allowing directory traversal. This enables an attacker to read files outside the target directory, provide...

7.5CVSS6.8AI score0.01143EPSS
Exploits0References13
bdu_fstec
bdu_fstec
added 2020/01/13 12:0 a.m.7 views

The vulnerability of the “org.apache.ofbiz.service.engine.HttpEngine.java” component of the Apache OFBiz resource planning software allows a hacker to execute arbitrary code.

The vulnerability of the “org.apache.ofbiz.service.engine.HttpEngine.java” component of the Apache OFBiz resource planning software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted...

10CVSS8.2AI score0.05027EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2019/09/11 9:15 p.m.28 views

CVE-2018-17200

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

9.8CVSS9.5AI score0.05027EPSS
Exploits0References5
osv
osv
added 2019/09/11 9:15 p.m.4 views

CVE-2018-17200

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

9.8CVSS5.8AI score0.05027EPSS
Exploits0References5
prion
prion
added 2019/09/11 9:15 p.m.20 views

Design/Logic Flaw

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

7.5CVSS9.3AI score0.05027EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2019/09/11 8:22 p.m.30 views

CVE-2018-17200

The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...

9.5AI score0.05027EPSS
Exploits0References5
cve
cve
added 2019/09/11 8:22 p.m.51 views

CVE-2018-17200

The CVE-2018-17200 entry concerns the Apache OFBiz HTTP engine (HttpEngine.java) handling HTTP service requests via /webtools/control/httpService. The vulnerability arises from deserializing the serviceContent parameter with XStream; although the XStream instance is guarded by disabling ProcessBu...

9.8CVSS9.3AI score0.05027EPSS
Exploits0References5Affected Software1
prion
prion
added 2018/12/13 2:29 p.m.22 views

Design/Logic Flaw

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

5CVSS7.4AI score0.25743EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2018/12/13 2:29 p.m.25 views

CVE-2018-8033

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5CVSS7.4AI score0.25743EPSS
Exploits0References1
cvelist
cvelist
added 2018/12/13 2:0 p.m.27 views

CVE-2018-8033

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.4AI score0.25743EPSS
Exploits0References1
seebug
seebug
added 2009/06/11 12:0 a.m.22 views

Sun GlassFish Enterprise Server HTTP Engine/Admin接口本地拒绝服务漏洞

Bugraq ID: 35217 CNCAN ID:CNCAN-2009060604 Sun GlassFish Enterprise Server是一款构建和部署下一代应用程序和服务的开源和开放社区平台。 Sun GlassFish Enterprise Server HTTP引擎和管理接口存在多个安全问题,远程和本地攻击者可以利用漏洞进行跨站脚本执行和拒绝服务等攻击。 -允许远程非特权用户在验证用户浏览器会话中执行JavaScript,导致泄漏敏感信息。 -允许本地特权用户消耗大量系统资源,造成拒绝服务攻击。 Sun Glassfish Enterprise Server 2.1...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2003/03/11 12:0 a.m.31 views

[NT] Multiple Vulnerabilities Found in Forum Web Server

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...

6.3AI score
Exploits0
Rows per page
Query Builder