318 matches found
SAP NetWeaver AS Java Information Disclosure (2256846)
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.1 to 7.5 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. Note that Nessus has not tested for this issue but has instead relied only on the application's...
CVE-2022-31619
A vulnerability has been identified in Teamcenter V12.4 All versions V12.4.0.13, Teamcenter V13.0 All versions V13.0.0.9, Teamcenter V13.1 All versions V13.1.0.9, Teamcenter V13.2 All versions V13.2.0.9, Teamcenter V13.3 All versions V13.3.0.3, Teamcenter V14.0 All versions V14.0.0.2. Java EE...
com.oracle.cdi-enabler:cdi-enabler-1_0-test-webapp (=1), com.sap.cloud.s4hana.starters:scp-neo-javaee6 (>=1.0.0 <=1.1.2) +19 more potentially affected by CVE-2013-5855 via org.glassfish:javax.faces (>=2.1.11 <=2.1.26)
org.glassfish:javax.faces MAVEN version =2.1.11, =1.0.0, =2.23.16, =0.3.0, =0.3.0, =5.11.0, =5.12.0, =5.13.1, =5.12.0, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.9.4.1, =5.15.4 and more Source cves: CVE-2013-5855 Source advisory: OSV:GHSA-3M3R-82GC-53MJ...
GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...
GHSA-GJFX-9WX3-J6R7 Apache MyFaces Vulnerable to Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the ln parameter to faces/javax.faces.resource/web.xml or (2) the PATHINFO to...
PT-2022-11757 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus versions all Description: The issue concerns an unrestricted file upload in the /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java file. This allows an attacker to upload malicious JSP files...
GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2022-22533
Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This...
PT-2022-15502 · Sap · Sap Netweaver Application Server Java
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server Java versions 7.22 through 7.53 Description: An unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling, allowing the malicious payload to be...
The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server allows a perpetrator to execute arbitrary code or gain full control over the system.
The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the system through specially crafted HTTP or...
CVE-2021-34685
UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically, a .jsp file is not allowed, but a .jsp. file is allowed and leads to remote code...
CVE-2021-38163
SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...
Design/Logic Flaw
SAP NetWeaver Visual Composer 7.0 RT versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of th...
SAP NetWeaver Path Traversal Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A path traversal vulnerability exists in SAP NetWeaver versions 7.30, 7.31, 7.40, 7.50, which allows an attacker...
CVE-2020-26806
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
PT-2021-20526
Name of the Vulnerable Software and Affected Versions: Eclipse BIRT versions 4.8.0 and earlier Description: An issue exists where an attacker can use query parameters to create a remotely accessible JSP file in the current BIRT viewer directory. This allows the injection of JSP code into the...
OESA-2021-1229 mojarra security update
JavaServer™ Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generat...
SAP NetWeaver AS JAVA Information Disclosure (3023299)
SAP NetWeaver Application Server Java versions 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker to access restricted information by entering a malicious server name via the UserAdmin application of the SAP NetWeaver application server. Note that Nessus has not tested for this issue but has...