550 matches found
Jeesns Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary web script or HTML via a specially crafted payload in the comments section of Weibo...
JEESNS Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via a specially crafted payload in the user name field...
Jeesns Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in a private message...
JEESNS Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. An attacker can use this vulnerability to execute arbitrary Web scripts or HTML...
Jeesns Cross-Site Scripting Vulnerability
JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the article comment section...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Library. Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows...
CVE-2021-27635
SAP NetWeaver AS for JAVA, versions 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML validation. This vulnerability enables an attacker to fully compromise...
JEESNS Cross-Site Scripting Vulnerability
JEESNS is a social management system based on the JAVA enterprise-level platform. JEESNS is vulnerable to cross-site scripting, which allows remote attackers to execute arbitrary code by injecting commands into the "CKEditorFuncNum" parameter to execute arbitrary code...
[SECURITY] Fedora 34 Update: jetty-9.4.40-1.fc34
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...
Debian DSA-4899-1 : openjdk-11 - security update
It was discovered that the OpenJDK Java platform incompletely enforced configuration settings used in Jar signing verifications. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4899. The...
Design/Logic Flaw
Vulnerability in the Oracle Platform Security for Java product of Oracle Fusion Middleware component: OPSS. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
File Upload Vulnerability in Apusic Application Server Monitoring and Management Platform
Apusic Application Server, developed by the Apusic company, is China's first product with complete support for J2EE (Java 2 Platform, Enterprise Edition). Apusic is written in pure Java and supports EJB1.1, Servlet, JSP, JMS and so on...
VulnCheck KEV: CVE-2020-6287
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...
Arbitrary File Read Vulnerability in O2OA System
The O2OA system is an open source Java platform for building enterprise information systems. It has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
Exploit for CVE-2020-14756
CVE-2020-14756 WebLogic T3/IIOP RCE ExternalizableHelper.class...
SAP Netweaver AS JAVA Authorization Issues Vulnerability
SAP Netweaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An authorization issue vulnerability exists in SAP Netweaver AS JAVA P2P Cluster Communication versions 7.11,...
OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136)
Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of th...