257 matches found
CVE-2011-0883
Technical details are not publicly available in the provided documents. Monitor for updates.
SnoopServlet Cross Site Scripting
SnoopServlet simply echos back the request line and the headers that were sent by the client, plus any HTTPS information. Search Google for: j2ee/servlet/snoopservlet to find a lot of vuln sites. PoC:...
SAP NetWeaver AdapterFramework - information disclosure
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver J2EE Vendor URL: http://www.sap.com Bugs: Information Disclosure Exploits: YES Reported: 06.12.2011 Vendor response: 07.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1679897 Authors: Dmitry Chastukhin...
MyBlog存在任意文件上传漏洞
MyBlog是一个J2ee的开源自建blog系统,攻击者通过他的一些组件问题,可以上传任意文件。 由于使用了早期版本的fckeditor。导致可以通过文件名截断,绕过后缀名验证,上传任意文件。 提交如下http包,即可上传shell http://jdkcn.com/upload/Image/b.jsp POST /FCK/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=%2F HTTP/1.1 Accept: /...
MyBlog presence of the arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
MyBlog presence of the arbitrary file upload vulnerability 2011.4.30 Publishing author: BNE MyBlog is a J2ee open source self-built blog system, an attacker by some of his Assembly question, you can upload any file. Due to the use of an earlier version of the fckeditor the. Lead by the file name...
CVE-2011-1311
The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
Design/Logic Flaw
The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
CVE-2011-1311
The Security component in IBM WebSphere Application Server WAS before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
Pwnshell : A Better JSP Shell download !
pwnshell is a stripped down version of the c99 shell and the likes. The only difference is that it a single JSP file, embedded with jQuery with a xterm like interface. This is most useful at times when we when have an arbitrary file upload to a web-accessible directory that runs on J2EE. It could...
J-Integra v2. 1 1 remote code execution vulnerability-vulnerability warning-the black bar safety net
J-Integra is a powerful, enables Java and COM, and J2EE, and. NET compatible middleware. J-Integra is divided into J-Integra for COM, J-Integra for . NET and J-Integra for Exchange of three partial products. J-Integra v2. 1 1 A control in the presence of a remote code execution vulnerability that...
CVE-2010-2347
The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...
Design/Logic Flaw
The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...
CVE-2010-2347
The Telnet interface in the SAP J2EE Engine Core SAP-JEECOR 6.40 through 7.02, and Server Core SERVERCORE 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors...
CVE-2010-2347
The CVE-2010-2347 entry concerns SAP-JEECOR SAP-J2EE Engine Core (SAP-JEECOR) versions 6.40–7.02 and SAP Server Core 7.10–7.30. The issue allows remote authenticated users to bypass a security check and perform SMB relay attacks via unspecified vectors. No specifics are provided on the exact vuln...
Macromedia JRun 4 mod_jrun Buffer Overflow (CVE-2004-0646)
Macromedia JRun is an application server used to deploy J2EE Java 2 Enterprise Edition applications, JSPs Java Server Pages, and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including Apache. Apache can communicate with the JRun...
[Onapsis Security Advisory 2010-004] SAP J2EE Authentication Phishing Vector
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-004: SAP J2EE Authentication Phishing Vector This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
[Onapsis Security Advisory 2010-002] SAP J2EE Engine MDB Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-002: SAP J2EE Engine MDB Path Traversal This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
CVE-2010-0070
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors...
CVE-2010-0067
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...