14 matches found
EUVD-2018-8964
Malware in sbrugna...
CVE-2018-17200
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
PT-2021-12074 · Unknown · Httpengine
Name of the Vulnerable Software and Affected Versions: HTTPEngine (affected versions not specified). Description: The issue arises from improper sanitization of user input in HTTPEngine.Handle, allowing directory traversal. This enables an attacker to read files outside the target directory, provide...
The vulnerability of the “org.apache.ofbiz.service.engine.HttpEngine.java” component of the Apache OFBiz resource planning software allows a hacker to execute arbitrary code.
The vulnerability of the “org.apache.ofbiz.service.engine.HttpEngine.java” component of the Apache OFBiz resource planning software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted...
CVE-2018-17200
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
CVE-2018-17200
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
Design/Logic Flaw
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
CVE-2018-17200
The Apache OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. This service takes the serviceContent parameter in the request and deserializes it using XStream. This XStream instance is slightly guard...
CVE-2018-17200
The CVE-2018-17200 entry concerns the Apache OFBiz HTTP engine (HttpEngine.java) handling HTTP service requests via /webtools/control/httpService. The vulnerability arises from deserializing the serviceContent parameter with XStream; although the XStream instance is guarded by disabling ProcessBu...
Design/Logic Flaw
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...
CVE-2018-8033
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...
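Sun GlassFish Enterprise Server HTTP Engine/Admin Interface Local Denial-of-Service Vulnerability
Bugraq ID: 35217 CNCAN ID: CNCAN-2009060604 Sun GlassFish Enterprise Server is an open-source, open-community platform for building and deploying next-generation applications and services. The HTTP engine and administration interface of Sun GlassFish Enterprise Server contain multiple security issues that remote and local attackers can exploit to carry out cross-site scripting, denial-of-service and other attacks. - Allows a remote unprivileged user to execute JavaScript in an authenticated user's browser session, leading to disclosure of sensitive information. - Allows a local privileged user to consume large amounts of system resources, causing a denial of service. Sun Glassfish Enterprise Server 2.1...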
[NT] Multiple Vulnerabilities Found in Forum Web Server
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion In the US? Contact Beyond Security at our new California office housewarming rates on automated network vulnerability scanning. We also...