162 matches found
Improper Input Validation in Apache Jackrabbit
XML external entity XXE vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request...
GHSA-6FXV-38XC-H866 Apache Jackrabbit contains Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.jsp or 2 swr.jsp...
Apache Jackrabbit contains Cross-site Scripting
Multiple cross-site scripting XSS vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to 1 search.jsp or 2 swr.jsp...
Mageia: Security Advisory (MGASA-2015-0242)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
io.wcm:io.wcm.testing.wcm-io-mock.caconfig (=1.2.0), org.apache.jackrabbit:oak-auth-external (>=1.10.0 <=1.10.7) +14 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.10.0 <=1.10.7)
org.apache.jackrabbit:oak-core MAVEN version =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.7 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5H...
GHSA-3H68-WVV6-8R5H Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
Hitachi Vantara Pentaho Access Control Error Vulnerability
Hitachi Vantara Pentaho, a service used by Hitachi Japan to store and manage data in big data environments, is vulnerable to an access control error that could be exploited to list all application usernames present in the Jackrabbit repository...
Hitachi Vantara Pentaho 访问控制错误漏洞
Hitachi Vantara Pentaho, a service used by Hitachi Japan to store and manage data in big data environments, is vulnerable to an access control error that could be exploited to list all application usernames present in the Jackrabbit repository...
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Jackrabbit User Enumeration Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021 Solution Date: Wont...
CVE-2020-1940
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
CVE-2020-1940
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
Information disclosure
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
CVE-2020-1940
The CVE-2020-1940 vulnerability affects Apache Jackrabbit Oak, specifically version range 1.2.0 to 1.22.0. The issue arises from the optional initial password change and password expiration flow: the changed password is added to the credentials object but not removed during the first authenticati...
CVE-2020-1940
The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does n...
Cross-Site Scripting (XSS)
Jackrabbit Web Application is susceptible to cross-site scripting XSS attack. The attack exists because it does not escape the q parameter to 1 search.jsp or 2 swr.jsp...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - JACKRABBIT Client-Side Command Execution Exploit
Exploit for linux platform in category local exploits n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot =...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - JACKRABBIT Client-Side Command Execution
Naenara Browser 3.5 RedStar 3.0 Desktop - JACKRABBIT Client-Side Command Execution n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot =...
Naenara Browser 3.5 (RedStar 3.0 Desktop) - 'JACKRABBIT' Client-Side Command Execution
n0m3rcYn0M3rCyn0m3Rc N0MeRCYn0m3rCyn0m3rCyn0m n0MERCypDK var xunescape = unescape; oneblock = xunescape"%u0040%u1000"; stackpivot = xunescape"%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141"; nopsled =...
Apache Jackrabbit CSRF Vulnerability (Sep 2016) - Windows
Apache Jackrabbit is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...