Lucene search
+L

257 matches found

cve
cve
added 2011/07/20 10:36 p.m.54 views

CVE-2011-0883

Technical details are not publicly available in the provided documents. Monitor for updates.

4CVSS5.8AI score0.00861EPSS
Exploits0References2Affected Software1
packetstorm
packetstorm
added 2011/07/02 12:0 a.m.27 views

SnoopServlet Cross Site Scripting

SnoopServlet simply echos back the request line and the headers that were sent by the client, plus any HTTPS information. Search Google for: j2ee/servlet/snoopservlet to find a lot of vuln sites. PoC:...

7.4AI score
Exploits0
erpscan
erpscan
added 2011/06/12 12:0 a.m.26 views

SAP NetWeaver AdapterFramework - information disclosure

Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 06.12.2011 Vendor response: 07.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1679897 Authors: Dmitry Chastukhin...

0.5AI score
Exploits0
seebug
seebug
added 2011/05/10 12:0 a.m.35 views

MyBlog存在任意文件上传漏洞

MyBlog是一个J2ee的开源自建blog系统,攻击者通过他的一些组件问题,可以上传任意文件。 由于使用了早期版本的fckeditor。导致可以通过文件名截断,绕过后缀名验证,上传任意文件。 提交如下http包,即可上传shell http://jdkcn.com/upload/Image/b.jsp POST /FCK/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=%2F HTTP/1.1 Accept: /...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/05/06 12:0 a.m.14 views

MyBlog presence of the arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

MyBlog presence of the arbitrary file upload vulnerability 2011.4.30 Publishing author: BNE MyBlog is a J2ee open source self-built blog system, an attacker by some of his Assembly question, you can upload any file. Due to the use of an earlier version of the fckeditor the. Lead by the file name...

0.8AI score
Exploits0
nvd
nvd
added 2011/03/08 9:59 p.m.27 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

6CVSS6.3AI score0.00857EPSS
Exploits0References2
prion
prion
added 2011/03/08 9:59 p.m.14 views

Design/Logic Flaw

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

6CVSS6.9AI score0.00857EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2011/03/08 9:0 p.m.30 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

6.3AI score0.00857EPSS
Exploits0References2
thn
thn
added 2011/01/07 12:58 a.m.27 views

Pwnshell : A Better JSP Shell download !

pwnshell is a stripped down version of the c99 shell and the likes. The only difference is that it a single JSP file, embedded with jQuery with a xterm like interface. This is most useful at times when we when have an arbitrary file upload to a web-accessible directory that runs on J2EE. It could...

7.3AI score
Exploits0
myhack58
myhack58
added 2010/12/03 12:0 a.m.37 views

J-Integra v2. 1 1 remote code execution vulnerability-vulnerability warning-the black bar safety net

J-Integra is a powerful, enables Java and COM, and J2EE, and. NET compatible middleware. J-Integra is divided into J-Integra for COM, J-Integra for . NET and J-Integra for Exchange of three partial products. J-Integra v2. 1 1 A control in the presence of a remote code execution vulnerability that...

1.2AI score
Exploits0
nvd
nvd
added 2010/06/21 7:30 p.m.12 views

CVE-2010-2347

The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...

4.9CVSS6.2AI score0.01094EPSS
Exploits0References8
prion
prion
added 2010/06/21 7:30 p.m.8 views

Design/Logic Flaw

The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...

4.9CVSS6.7AI score0.01094EPSS
Exploits0References8Affected Software2
cvelist
cvelist
added 2010/06/21 7:0 p.m.16 views

CVE-2010-2347

The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...

6.2AI score0.01094EPSS
Exploits0References8
cve
cve
added 2010/06/21 7:0 p.m.51 views

CVE-2010-2347

The CVE-2010-2347 entry concerns SAP-JEECOR SAP-J2EE Engine Core (SAP-JEECOR) versions 6.40–7.02 and SAP Server Core 7.10–7.30. The issue allows remote authenticated users to bypass a security check and perform SMB relay attacks via unspecified vectors. No specifics are provided on the exact vuln...

4.9CVSS6.4AI score0.01094EPSS
Exploits0References8Affected Software1
checkpoint_advisories
checkpoint_advisories
added 2010/02/28 12:0 a.m.40 views

Macromedia JRun 4 mod_jrun Buffer Overflow (CVE-2004-0646)

Macromedia JRun is an application server used to deploy J2EE Java 2 Enterprise Edition applications, JSPs Java Server Pages, and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including Apache. Apache can communicate with the JRun...

10CVSS7.3AI score0.07104EPSS
Exploits4
securityvulns
securityvulns
added 2010/02/22 12:0 a.m.102 views

[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2010/02/22 12:0 a.m.130 views

[Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-002: SAP J2EE Engine MDB Path Traversal This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

6.9AI score
Exploits0
nvd
nvd
added 2010/01/13 1:30 a.m.20 views

CVE-2010-0070

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors...

4.3CVSS5.9AI score0.02076EPSS
Exploits0References3
nvd
nvd
added 2010/01/13 1:30 a.m.15 views

CVE-2010-0067

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...

5CVSS5.8AI score0.02538EPSS
Exploits0References3
prion
prion
added 2010/01/13 1:30 a.m.16 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...

5CVSS6.3AI score0.02538EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder