318 matches found
File Upload Vulnerability in Team CMS
Team CMS website is a jsp + mysql for the development of jsp enterprise building system. Team CMS has a file upload vulnerability that can be exploited by attackers to gain server administrative privileges...
UBUNTU-CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...
CVE-2020-9761
An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...
Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2017-1583, CVE-2011-4343)
Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin: Multipl...
CVE-2020-4163
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2017-1583, CVE-2011-4343)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
The vulnerability of JSP-based software technologies like Apache JSPWiki allows attackers to execute cross-site scripting attacks.
The vulnerability of JSP-based software, such as Apache JSPWiki, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
VulnCheck KEV: CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
Eclipse Jetty Cross-Site Scripting Vulnerability
Eclipse Jetty is the Eclipse Foundation of an open source , Java-based Web server and Java Servlet container . A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in EEclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...
CVE-2009-5046
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...
SQL Injection Vulnerability in Panmicro e-cology va***.jsp
Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...
CVE-2019-0318
Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...
Exploit for CVE-2007-2447
This is a proof-of-concept PoC exploit repository for various...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0305
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
OFCMS background editUploadImage file upload vulnerability
OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...
CVE-2019-9612
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows attackers to modify sensitive information or cause service failures.
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify protected information or cause service failures...