18 matches found
CVE-2024-4027 Undertow: outofmemoryerror in httpservletrequestimpl.getparameternames() can cause remote dos attacks
A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames can cause an OutOfMemoryError when the client sends a request with large parameter names. This issue can be exploited by an unauthorized user to cause a remote denial-of-service DoS attack...
CVE-2025-13805 nutzam NutzBoot LiteRpc-Serializer HttpServletRpcEndpoint.java getInputStream deserialization
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing a...
EUVD-2000-1036
Malware in sbrugna...
GHSA-HFPG-GQJW-779M Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
Cross-site Scripting in Jolokia agent
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
CVE-2018-1000129
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
CVE-2018-1000129
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
Cross site scripting
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
CVE-2018-1000129
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
CVE-2018-1000129
CVE-2018-1000129 affects Jolokia 1.3.7, where the HTTP servlet is vulnerable to cross-site scripting (XSS). An attacker can cause the browser to execute arbitrary JavaScript, potentially hijacking sessions or accessing sensitive data. The issue is documented across multiple sources (NVD and secur...
CVE-2018-1000129
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
CVE-2016-0889
An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual Appliance before 8.2.0 allows remote attackers to write to arbitrary files via a crafted pathname...
Nortel Contact Recording Centralized Archive 6.5.1 SQL Injection
EyrAPIConfiguration /EyrAPIConfiguration/ .. at the following url: http://host:8080/EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf Vulnerability: without prior authentication, you can reach a web service with various methods availiable, as described inside the associated wsdl, see file:...
tomcat: Cross-Site-Scripting enabled by sendError call
Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...
tomcat: Cross-Site-Scripting enabled by sendError call
Cross-site scripting XSS vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method...
CVE-2000-1049
CVE-2000-1049 affects Allaire JRun 3.0 HTTP servlet server. The vulnerability allows remote denial of service when a URL containing a long sequence of "." characters is processed. The available sources describe the impact as a DoS, but do not provide concrete exploitation details, affected versio...
CVE-2000-1049
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters...