318 matches found

CNVD
added 2020/05/21 12:00 a.m., 3 views

File Upload Vulnerability in Team CMS

Team CMS is a JSP + MySQL system for building enterprise websites. Team CMS has a file upload vulnerability that attackers can exploit to gain server administrative privileges...

7.3 AI score
Exploits: 0

OSV
added 2020/04/28 3:15 p.m., 4 views

UBUNTU-CVE-2020-1745

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a...

9.8 CVSS, 6.9 AI score, 0.9927 EPSS
Exploits: 45, References: 4

OSV
added 2020/03/04 5:15 p.m., 3 views

CVE-2020-9761

An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The Java RMI Server has an Insecure Default Configuration, leading to Java Code Execution from a remote URL because an RMI Distributed Garbage Collector method is called...

9.8 CVSS, 7.4 AI score, 0.02136 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2020/02/11 9:31 p.m., 22 views

Security Bulletin: Security vulnerabilities have been identified in WebSphere Application Server Shipped with Predictive Customer Intelligence (CVE-2017-1583, CVE-2011-4343)

Summary: WebSphere Application Server is shipped with Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin: Multipl...

7.5 CVSS, 1.8 AI score, 0.05334 EPSS
Exploits: 1, Affected Software: 1

OSV
added 2020/02/04 5:15 p.m., 3 views

CVE-2020-4163

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as JSP content and executed. IBM X-Force ID: 174397...

7.2 CVSS, 6.7 AI score, 0.01551 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2020/02/04 4:40 p.m., 23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearQuest (CVE-2017-1583, CVE-2011-4343)

Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Rational ClearQuest. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section...

7.5 CVSS, 1 AI score, 0.05334 EPSS
Exploits: 1, Affected Software: 1

BDU FSTEC
added 2020/01/20 12:00 a.m., 6 views

The vulnerability of JSP-based software technologies like Apache JSPWiki allows attackers to execute cross-site scripting attacks.

The vulnerability of JSP-based software, such as Apache JSPWiki, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

6.1 CVSS, 6 AI score, 0.05364 EPSS
Exploits: 0, References: 5, Affected Software: 1

VulnCheck KEV
added 2019/12/17 12:00 a.m., 6 views

VulnCheck KEV: CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...

9.8 CVSS, 7.7 AI score, 0.04312 EPSS
Exploits: 0, References: 1

CNVD
added 2019/11/08 12:00 a.m., 5 views

Eclipse Jetty Cross-Site Scripting Vulnerability

Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A cross-site scripting vulnerability exists in the WebApp JSP Snoop page in Eclipse Jetty 6.1.21 and earlier versions. The vulnerability stems from a lack of proper validation of...

6.1 CVSS, 6.4 AI score, 0.0164 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2019/11/06 8:15 p.m., 3 views

CVE-2009-5046

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22...

6.1 CVSS, 5.4 AI score, 0.01544 EPSS
Exploits: 0, References: 4

CNVD
added 2019/10/16 12:00 a.m., 3 views

SQL Injection Vulnerability in Panmicro e-cology va***.jsp

Panmicro Collaborative Management Application Platform e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, an...

7.6 AI score
Exploits: 0

Cvelist
added 2019/07/10 6:48 p.m., 22 views

CVE-2019-0318

Under certain conditions SAP NetWeaver Application Server for Java Startup Framework, versions 7.21, 7.22, 7.45, 7.49, and 7.53, allows an attacker to access information which would otherwise be restricted...

5.2 AI score, 0.0136 EPSS
Exploits: 0, References: 3

GithubExploit
added 2019/07/05 11:55 a.m., 8 views

Exploit for CVE-2007-2447

This is a proof-of-concept (PoC) exploit repository for various...

9.8 CVSS, 8.4 AI score, 0.99998 EPSS
Exploits: 56

NVD
added 2019/06/12 3:29 p.m., 30 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

4.3 CVSS, 4.7 AI score, 0.00886 EPSS
Exploits: 0, References: 2

OSV
added 2019/06/12 3:29 p.m., 4 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

4.3 CVSS, 5.8 AI score, 0.00886 EPSS
Exploits: 0, References: 2

CNVD
added 2019/03/07 12:00 a.m., 3 views

OFCMS background editUploadImage file upload vulnerability

OFCMS is a content management system based on Java technology. A backend editUploadImage file upload vulnerability exists in versions of OFCMS prior to 1.1.3. The vulnerability stems from the blocking of .jsp and .jspx files without taking into account file.jsp::$DATA of the...

8.8 CVSS, 7.6 AI score, 0.02695 EPSS
Exploits: 1, References: 1

OSV
added 2019/03/06 10:29 p.m., 2 views

CVE-2019-9608

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadImage URI...

8.8 CVSS, 7.6 AI score, 0.02695 EPSS
Exploits: 1, References: 1

OSV
added 2019/03/06 10:29 p.m., 4 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

8.8 CVSS, 6.1 AI score, 0.02695 EPSS
Exploits: 1, References: 1

BDU FSTEC
added 2019/02/15 12:00 a.m., 4 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...

5.3 CVSS, 6.3 AI score, 0.01657 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2019/01/23 12:00 a.m., 3 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows attackers to modify sensitive information or cause service failures.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify protected information or cause service failures...

9.7 CVSS, 7.5 AI score, 0.01902 EPSS
Exploits: 0, References: 2, Affected Software: 1