
90 matches found

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2015-2715

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.01607
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2016-6463

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.02332
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2015-4761

Malware in sbrugna...

CVSS 2.6 | AI score 6.4 | EPSS 0.01792
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-5430

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.02537
Exploits 1 | References 19
RedhatCVE
added 2025/08/30 6:16 p.m. | 6 views

CVE-2024-13980

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.6 | EPSS 0.01176
Exploits 0 | References 1
Vulnrichment
added 2025/08/27 9:25 p.m. | 4 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.1 | EPSS 0.01176
Exploits 0 | References 6
BDU FSTEC
added 2024/02/20 12:0 a.m. | 5 views

The vulnerability of the javax.faces component in the Avalanche mobile device management system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the javax.faces.resource component in the Avalanche mobile device management system is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access t...

CVSS 6.8 | AI score 6.6 | EPSS 0.37614
Exploits 1 | References 3 | Affected Software 1
Kitploit
added 2023/07/07 12:30 p.m. | 83 views

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

CVSS 9.8 | AI score 9.8 | EPSS 0.75098
Exploits 5 | References 7
CNNVD
added 2022/09/20 12:0 a.m. | 3 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which stems from a security issue with the UserForm:jid90 parameter in /SVFE2/pages/feegroups/mccgroup.jsf...

CVSS 9.8 | AI score 8.3 | EPSS 0.00929
Exploits 1 | References 5
CNNVD
added 2022/09/19 12:0 a.m. | 4 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which originates from an SQL injection that can be achieved by an attacker via the voiceAudit:jid97 parameter of the /SVFE2/pages/audit/voiceaudit.jsf component...

CVSS 8.8 | AI score 8.1 | EPSS 0.0088
Exploits 1 | References 4
IBM Security Bulletins
added 2022/09/15 7:27 p.m. | 41 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM) (CVE-2017-1583, CVE-2011-4343)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application...

CVSS 7.5 | AI score 7.7 | EPSS 0.05334
Exploits 1 | Affected Software 5
CNNVD
added 2022/09/13 12:0 a.m. | 3 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, in which the UserForm:jid90 parameter in /feegroups/tgrtgroup.jsf contains a SQL injection vulnerability...

CVSS 8.8 | AI score 8.2 | EPSS 0.00948
Exploits 1 | References 4
CNNVD
added 2022/09/09 12:0 a.m. | 5 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, in which the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters in /SVFE2/pages/feegroups/servicegroup.jsf contain multiple SQL injection vulnerabilities...

CVSS 8.8 | AI score 8.2 | EPSS 0.00926
Exploits 1 | References 4
vulnersOsv
added 2022/05/14 2:54 a.m. | 5 views

com.oracle.cdi-enabler:cdi-enabler-1_0-test-webapp (=1), com.sap.cloud.s4hana.starters:scp-neo-javaee6 (>=1.0.0 <=1.1.2) +19 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.1.11 <=2.1.26)

org.glassfish:javax.faces MAVEN version =2.1.11, =1.0.0, =2.23.16, =0.3.0, =0.3.0, =5.11.0, =5.12.0, =5.13.1, =5.12.0, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.15.4 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...

CVSS 4.3 | AI score 7.1 | EPSS 0.04715
Exploits 0
OSV
added 2022/05/13 1:24 a.m. | 1 views

GHSA-GJFX-9WX3-J6R7 Apache MyFaces Vulnerable to Path Traversal

Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATHINFO to...

CVSS 5 | AI score 6 | EPSS 0.33471
Exploits 2 | References 5
OSV
added 2022/05/01 11:38 p.m. | 89 views

GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 5.3 | AI score 5.3 | EPSS 0.02537
Exploits 1 | References 4
Github Security Blog
added 2022/05/01 11:38 p.m. | 55 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 4.2 | EPSS 0.02537
Exploits 1 | References 5 | Affected Software 1
OSV
added 2021/06/22 11:2 a.m. | 3 views

OESA-2021-1229 mojarra security update

JavaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generat...

CVSS 6.5 | AI score 7 | EPSS 0.10124
Exploits 0 | References 2
Tenable Nessus
added 2020/10/20 12:0 a.m. | 22 views

IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 Multiple Vulnerabilities (296865)

The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15 or 8.5.0.x prior to 8.5.5.13. It is, therefore, affected by two information disclosure vulnerabilities in the Java Server Faces JSF subcomponent. - IBM WebSphere Application Server allows a remote...

CVSS 7.5 | AI score 7.5 | EPSS 0.05334
Exploits 1 | References 3
IBM Security Bulletins
added 2020/02/11 9:31 p.m. | 22 views

Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2017-1583, CVE-2011-4343)

Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin: Multipl...

CVSS 7.5 | AI score 1.8 | EPSS 0.05334
Exploits 1 | Affected Software 1