Cross-site Scripting Vulnerability in ZhengTong Content Management System
The GovContent Management System is a website management system designed and built on the JAVA EE platform, which is mainly used for the website construction and management of government agencies, enterprises and institutions. A cross-site scripting vulnerability exists in the CMS. The...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.3 for RHEL 7
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.3, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
RHEL 6 : jboss-ec2-eap (RHSA-2016:2072)
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Moderate: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11
An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Apache Struts Dynamic Method Invocation command execution
Added: 05/06/2016. CVE: CVE-2016-3081. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. The Dynamic Method Invocation...
PT-2016-1176 · SAP · SAP NetWeaver J2EE Engine
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver J2EE Engine version 7.40. Description: The issue is related to a SQL injection vulnerability in the UDDI server of the SAP NetWeaver J2EE Engine. This vulnerability allows remote attackers to execute arbitrary SQL commands via...
RHEL 6 : jboss-ec2-eap (RHSA-2016:0124)
Updated jboss-ec2-eap packages that add one enhancement and resolve one security issue are now available for Red Hat JBoss Enterprise Application Platform 6.4.6 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerabilit...
Important: Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.6
Updated jboss-ec2-eap packages that add one enhancement and resolve one security issue are now available for Red Hat JBoss Enterprise Application Platform 6.4.6 on Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerabilit...
GlassFish arbitrary file read vulnerability tracking report - bug warning - the black bar safety net
GlassFish is a tool for building Java EE application service components. In October 2015 it was disclosed to have a general-purpose arbitrary file read vulnerability. Using this vulnerability, an attacker can read arbitrary files on the server. After being informed of the vulnerability, the cloud shield security team...
Critical: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 commons-collections security update
An updated package for the apache commons-collections library, fixing one security issue, is now available for Red Hat JBoss Portal 6.2.0 from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS)...
Oracle Java EE SDK Version Detection
Oracle GlassFish Server 4.1 - Directory Traversal
Trustwave SpiderLabs Security Advisory TWSL2015-016: Path Traversal in Oracle GlassFish Server Open Source Edition Published: 08/27/2015 Version: 1.0 Vendor: Oracle Corporation Project sponsored by Oracle Product: GlassFish Server Open Source...
Oracle GlassFish Server 4.1 - Directory Traversal
Trustwave SpiderLabs Security Advisory TWSL2015-016: Path Traversal in Oracle GlassFish Server Open Source Edition Published: 08/27/2015 Version: 1.0 Vendor: Oracle Corporation Project sponsored by Oracle Product: GlassFish Server Open Source Edition Version affected: 4.1 and prior versions Produ...
RHEL 6 : jboss-ec2-eap (RHSA-2015:1673)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1673 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 security update
An update for the PortletBridge component of Red Hat JBoss Portal 6.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
[SECURITY] Fedora 22 Update: jboss-connector-1.6-api-1.0.1-1.fc22
Java EE Connector Architecture 1.6 API classes...
ADF Faces 12.1.2.0 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Potential Cross-Site Scripting; product: ADF Faces; vulnerable version: 12.1.2.0; fixed version: versions with CPU Oct-2014 pat...
JBoss JMX Console Deployer Upload and Execute
JBoss Application Server (JBoss AS) is a free and open-source Java EE-based application server. An upload and execute vulnerability has been reported in the JBoss jmx-console application. A remote attacker could exploit this vulnerability to run arbitrary commands on the server...
[SECURITY] Fedora 20 Update: springframework-security-3.1.7-1.fc20
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...
[SECURITY] Fedora 19 Update: springframework-security-3.1.7-1.fc19
Spring Security is a Java/Java EE framework that provides advanced authentication, authorization and other comprehensive security features for enterprise applications. In addition to having a comprehensive list of security functionality, Spring Security is very configurable and employs the Spring...