318 matches found
SAP NetWeaver Information Disclosure Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver AS JAVA, which can be exploited by an attacker t...
The vulnerability of SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, related to authentication errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SAP NetWeaver Java Application Server, a software integration platform of SAP NetWeaver, is related to authentication errors. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
CVE-2021-21485
An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged user...
SAP NetWeaver Access Control Error Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. SAP NetWeaver...
SAP NetWeaver Application Server Information Disclosure Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server for Java versions 7.30, 7.31,...
SAP NetWeaver Application Server Java Security Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A content spoofing vulnerability exists in SAP NetWeaver Application Server for Java versions 7.10, 7.11, 7.20,...
SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)
SAP NetWeaver Application Server Java versions before 7.30 are potentially affected by a code execution vulnerability in the invoker servlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. © Tenable Network Security,...
SAP NetWeaver AS JAVA Reverse Tabnabbing (2976947)
SAP Netweaver Application Server Java Applications based on WebDynpro Java versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Note that Nessus has not tested for this issue but has instead...
Java Server Pages Backdoor (CVE-2022-23463)
A generic backdoor exists in Java server pages. The vulnerability is due to a lack of user input sanitization. Successful exploitation of this vulnerability might allow an attacker to execute arbitrary code on the affected system...
UBUNTU-CVE-2021-24122
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability
Ignite Realtime Openfire is a cross-platform, open source Real-Time Collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (an instant messaging protocol formerly known as Jabber), which is capable of building efficient instant messaging servers and supporting te...
Coremail XT Cross-Site Scripting Vulnerability
Coremail XT is an enterprise-class mail system from China Yingshi Computer Technology Company. The system supports sending and receiving emails, enterprise address book, enterprise cloud disk and schedule synchronization. A cross-site scripting vulnerability exists in jsp/upload.jsp in...
Eclipse Jetty Access Control Error Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty that arises when a system's temporary directory is shared among all users on that system. Concurrent users could observe the creation...
The vulnerability of the WildFly application server in Java, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the WildFly application server relates to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
SAP NetWeaver Application Server Java Input Validation Error Vulnerability
SAP NetWeaver Application Server Java is an application server from the German company SAP that provides a Java runtime environment. The product is mainly used to develop and run Java EE applications. A security vulnerability exists in SAP NetWeaver Application Server Java. No detailed vulnerability...
IBM WebSphere Application Server 8.0.0.x < 8.0.0.15 / 8.5.x < 8.5.5.13 Multiple Vulnerabilities (296865)
The IBM WebSphere Application Server running on the remote host is version 8.0.0.x prior to 8.0.0.15 or 8.5.0.x prior to 8.5.5.13. It is, therefore, affected by two information disclosure vulnerabilities in the Java Server Faces (JSF) subcomponent. - IBM WebSphere Application Server allows a remote...
undertow: AJP File Read/Inclusion Vulnerability
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances...
ca.uhnresearch.pughlab:java-server (>=1.0.3 <=1.0.5), com.almende.eve:eve-tests (>=3.0.0 <=3.1.0) +53 more potentially affected by CVE-2015-0254 via org.apache.taglibs:taglibs-standard-impl (=1.2.1)
org.apache.taglibs:taglibs-standard-impl MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.taglibs:taglibs-standard-impl and may be impacted: - ca.uhnresearch.pughlab:java-server =1.0.3, =3.0.0, =3.0.0, =3.0.0, =2.1.1,...