257 matches found
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079...
CVE-2016-2386
CVE-2016-2386 affects SAP NetWeaver J2EE Engine 7.40, specifically the UDDI server. The vulnerability is a SQL injection that allows remote attackers to execute arbitrary SQL commands via unspecified vectors, with exploitation attempts documented in PoCs and exploits targeting the UDDI interface ...
CVE-2016-2386
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
[SECURITY] Fedora 21 Update: springframework-3.2.15-1.fc21
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
[SECURITY] Fedora 22 Update: springframework-3.2.15-1.fc22
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
[SECURITY] Fedora 23 Update: springframework-3.2.15-1.fc23
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
Deliberately Insecure Web Application: OWASP WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...
SAP NetWeaver J2EE Engine BP_FIND_JOBS_WITH_PROGRAM Function Module SQL Injection Vulnerability
SAP NetWeaver J2EE Engine is a service-oriented SAP SAP company's integrated application platform J2EE engine. BPFINDJOBSWITHPROGRAM function is one of the find the request for the specified program module. A SQL injection vulnerability exists in the BPFINDJOBSWITHPROGRAM function module in SAP...
Sql injection
SQL injection vulnerability in the BPFINDJOBSWITHPROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-7239
CVE-2015-7239 concerns a SQL injection vulnerability in the SAP NetWeaver J2EE Engine 7.40, specifically in the BP_FIND_JOBS_WITH_PROGRAM function module. The issue allows a remote attacker to execute arbitrary SQL commands through unspecified vectors. Public references (ERPScan advisory ERPSCAN-...
[SECURITY] Fedora 21 Update: springframework-3.2.14-1.fc21
Spring is a layered Java/J2EE application framework, based on code publishe d in Expert One-on-One J2EE Design and Development by Rod Johnson Wrox, 2002...
欧朋浏览器之广告主后台敏感信息泄漏漏洞(泄漏内容证明)
简要描述: J2EE架构安全 详细说明: 泄漏点: http://59.151.113.225/WEB-INF/web.xml http://59.151.113.225/WEB-INF/spring/webmvc-config.xml 漏洞证明: Spring+Freemaker 反编译class文件...
欧朋浏览器多站配置不当泄漏敏感信息
简要描述: J2EE架构安全 详细说明: 关于WEB-INF WEB-INF是Java的WEB应用的安全目录。所谓安全就是客户端无法访问,只有服务端可以访问的目录。 WEB-INF目录下的敏感目录及文件: classes目录(包含该应用核心的java类编译后的class文件及部分配置文件) lib目录(所用框架、插件或组件的架包) web.xml(重要的配置文件) 泄漏点1. http://59.151.113.213/WEB-INF/web.xml http://59.151.113.213/WEB-INF/spring/webmvc-config.xml...
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2015 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities in the Web Listener subcomponent : - An integer overflow condition exists in libxml2 within file xpath.c, related to XPath expressions when adding a new namespace note. An unauthenticated, remot...
CVE-2015-0372
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2015-0372
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2015-0372
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2015-0372
Technical details for CVE-2015-0372 are not publicly available in the provided documents; no affected product/version or root cause is specified here. Monitor for updates.
SAP NetWeaver 7.4 (Pmitest servlet) - XSS vulnerability
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...