
134 matches found

RedHat Linux
added 2020/07/28 3:54 p.m., 2 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8, AI score 7.2, EPSS 0.00636
Exploits: 43, References: 7

RedHat Linux
added 2020/06/11 9:3 a.m., 2 views

undertow: AJP File Read/Inclusion Vulnerability

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...

CVSS 9.8, AI score 7.2, EPSS 0.00636
Exploits: 43, References: 7

CNVD
added 2020/05/21 12:0 a.m., 2 views

File Upload Vulnerability in Team CMS

Team CMS is an enterprise website-building system developed with JSP and MySQL. Team CMS has a file upload vulnerability that can be exploited by attackers to gain server administrative privileges...

AI score 7.3
Exploits: 0

OSV
added 2020/04/28 3:15 p.m., 2 views

UBUNTU-CVE-2020-1745

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

CVSS 9.8, AI score 6.9, EPSS 0.94469
Exploits: 44, References: 4

OSV
added 2020/02/04 5:15 p.m., 2 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397...

CVSS 7.2, AI score 6.7
Exploits: 0, References: 2

BDU FSTEC
added 2020/01/20 12:0 a.m., 1 view

The vulnerability of JSP-based software technologies like Apache JSPWiki allows attackers to execute cross-site scripting attacks.

The vulnerability of JSP-based software, such as Apache JSPWiki, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

CVSS 6.1, AI score 6, EPSS 0.01321
Exploits: 0, References: 5, Affected Software: 1

CNVD
added 2019/11/08 12:0 a.m., 4 views

Eclipse Jetty Cross-Site Scripting Vulnerability

Eclipse Jetty is an open source, Java-based Web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in Eclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...

CVSS 6.1, AI score 6.4, EPSS 0.00815
Exploits: 1, References: 1

ATTACKERKB
added 2019/11/06 8:15 p.m., 2 views

CVE-2009-5046

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...

CVSS 6.1, AI score 5.4, EPSS 0.01046
Exploits: 0, References: 4

CNVD
added 2019/10/16 12:0 a.m., 2 views

SQL Injection Vulnerability in Panmicro e-cology va***.jsp

Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...

AI score 7.6
Exploits: 0

NVD
added 2019/06/12 3:29 p.m., 16 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in a Clickjacking vulnerability...

CVSS 4.3, AI score 4.7, EPSS 0.00162
Exploits: 0, References: 2

OSV
added 2019/06/12 3:29 p.m., 1 view

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in a Clickjacking vulnerability...

CVSS 4.3, AI score 5.8, EPSS 0.00162
Exploits: 0, References: 2

CNVD
added 2019/03/07 12:0 a.m., 2 views

OFCMS background editUploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...

CVSS 8.8, AI score 7.6, EPSS 0.02191
Exploits: 1, References: 1

OSV
added 2019/03/06 10:29 p.m., 2 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/comn/service/upload URI...

CVSS 8.8, AI score 6.1, EPSS 0.02191
Exploits: 1, References: 1

OSV
added 2019/03/06 10:29 p.m., 1 view

CVE-2019-9608

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider, for example, file.jsp::$DATA to the admin/ueditor/uploadImage URI...

CVSS 8.8, AI score 7.6, EPSS 0.02191
Exploits: 1, References: 1

OSV
added 2018/10/17 4:30 p.m., 1 view

GHSA-PJFR-QF3P-3Q25 When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it containe...

CVSS 8.1, AI score 7.1, EPSS 0.94231
Exploits: 17, References: 28

Tenable Nessus
added 2018/06/13 12:0 a.m., 36 views

Cisco Prime Data Center Network Manager File Upload RCE (cisco-sa-20180502-prime-upload)

The Cisco Prime Data Center Network Manager (DCNM) running on the remote host is affected by a remote code execution vulnerability due to improper input validation of the parameters in an HTTP request processed by the XmpFileUploadServlet servlet. An unauthenticated, remote attacker can exploit thi...

CVSS 10, AI score 9.3, EPSS 0.2969
Exploits: 0, References: 2

RedHat Linux
added 2018/03/07 3:21 p.m., 1 view

tomcat: Information Disclosure when using VirtualDirContext

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

CVSS 7.5, AI score 7.4, EPSS 0.90641
Exploits: 4, References: 5

RedHat Linux
added 2018/03/07 3:9 p.m., 3 views

tomcat: Remote Code Execution via JSP Upload

A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution...

CVSS 8.1, AI score 7.5, EPSS 0.94231
Exploits: 17, References: 6

CNVD
added 2018/02/06 12:0 a.m., 2 views

IBM TRIRIGA Application Platform Input Validation Vulnerability

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

CVSS 5.5, AI score 7.2, EPSS 0.00138
Exploits: 0, References: 1

CNVD
added 2018/02/06 12:0 a.m., 2 views

DS Data Systems KonaKart eCommerce Platform Directory Traversal Vulnerability

DS Data Systems KonaKart eCommerce Platform is a Java-based eCommerce software from DS Data Systems, UK. The software enhances modules such as shopping cart, payment and order summarization. A directory traversal vulnerability exists in the administration panel of DS Data Systems KonaKart eCommer...

CVSS 9.8, AI score 7, EPSS 0.01619
Exploits: 0, References: 1