XSS Vulnerability at JEESNS Microblog Comments

JEESNS is an open source social management system developed on the JAVA enterprise level platform. JEESNS microblogging comments at the existence of XSS vulnerability , an attacker can use the vulnerability to inject arbitrary Web script or HTML...

Red Hat WildFly IIOP OpenJDK Subsystem Unauthorized Operation Vulnerability

Red Hat Wildfly formerly known as JBoss Application Server is the United States Red Hat Red Hat a JavaEE-based open source application server. IIOP OpenJDK subsystem is one of the Java-based subsystem. A security vulnerability exists in the IIOP OpenJDK subsystem in Red Hat WildFly versions prior...

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is an open source use in the Java EE system UI library . A remote code execution vulnerability exists in version 5.x of Primetek Primefaces. A remote attacker could exploit this vulnerability to execute code...

Arbitrary File Download Vulnerability in javaee Forum System

javaee forum system is a free open source javaee forum source code system , using springMVC mybatis framework development. javaee forum system has an arbitrary file download vulnerability , an attacker can forge files through the path in the request to download the site configuration or system...

Redhat Wildfly Denial of Service Vulnerability

Red Hat Wildfly formerly known as JBoss Application Server is a U.S. Red Hat Red Hat company based on JavaEE open source application server. A denial of service vulnerability exists in Redhat Wildfly. An attacker could exploit this vulnerability to cause a denial of service...

Oracle GlassFish Server Remote Security Vulnerability (CNVD-2017-00928)

Oracle GlassFish Server is the United States Oracle Oracle company's set of Java Platform, Java EE 6 specification can be realized solution. The program provides flexible, lightweight and ready to use for the development of applications Java EE 6 application server. A remote security vulnerabilit...

Redhat JBoss Enterprise Application Platform Information Disclosure Vulnerability

Red Hat JBoss Enterprise Application Platform EAP is an open source, J2EE-based middleware platform from Red Hat, Inc. that builds, deploys, and hosts Java applications and services.WildFly is an open source application server based on JavaEE. WildFly is an open source application server based on...

Red Hat Wildfly Information Disclosure Vulnerability

Red Hat Wildfly formerly known as JBoss Application Server is a U.S. Red Hat Red Hat company based on JavaEE open source application server. An information disclosure vulnerability exists in Red Hat Wildfly. An attacker could exploit this vulnerability to bypass filter restrictions...

ZvingSoft SQL Injection Vulnerability

ZvingSoft ZCMS is a set of enterprise-level web content management system CMS based on J2EE technology and AJAX technology. ZvingSoft ZCMS suffers from a SQL injection vulnerability that could be exploited by remote attackers to submit specially crafted SQL queries to manipulate or obtain databas...

WebGate Control Center Multiple Control Buffer Overflow Vulnerability

WebGate is an APM solution for real-time monitoring and performance management of business-critical systems based on J2EE architecture. A buffer overflow vulnerability exists in multiple controls in WebGate Control Center, which allows attackers to exploit the vulnerability to build malicious web...

Unspecified Vulnerability in Oracle Containers for J2EE

Oracle Containers for J2EE is a lightweight SOA container. A security vulnerability exists in Oracle Containers for J2EE that could be exploited by remote attackers to compromise system confidentiality...

Apache Struts ClassLoader操作漏洞

CVE ID：CVE-2014-0094 Struts2 是第二代基于Model-View-Controller MVC模型的java企业级web应用框架。 该应用程序允许访问直接映射到“getClass（）”方法的“class”参数 ，这可以被利用来操纵所使用的应用程序服务器的ClassLoader。 0 Apache Struts 2.x 厂商补丁： Apache ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://struts.apache.org/release/2.3.x/docs/s2-020.html...

Interstage Application Server Information Disclosure Vulnerability

Overview Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment. Impact By taking the specific steps, a remote attacker could access the files and directories in the server to which J2EE applications are deployed, and the confidential information...

PT-2009-5092 · Ca · Ca Siteminder

Name of the Vulnerable Software and Affected Versions: CA SiteMinder affected versions not specified Description: The issue allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications. This is achieved through a request containing a %00 encoded null byte...

Sun Java Enterprise Server NSS Remote Code Execution Vulnerabilities

The version of Sun Java Enterprise Server ES installed on the remote host includes a set of libraries known as Network Security Services NSS for use with many of Java ES' services. On a Windows host, though, vulnerabilities in their implementation of SSL2 support reportedly allow a remote attacke...