318 matches found
Oracle Fusion Middleware Oracle GlassFish Server Component Information Disclosure Vulnerability
Oracle Fusion Middleware Oracle Fusion Middleware is the United States Oracle Oracle company's set of business innovation platform for enterprise and cloud environments. The platform provides middleware, software collection and other functions. Oracle GlassFish Server is one of the components tha...
Oracle GlassFish Server 3.1.2 Multiple Vulnerabilities
Oracle GlassFish Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nuxeo Platform Arbitrary File Upload Vulnerability
Nuxeo Platform is a content management system CMS. An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability to upload arbitrary JSP code with the help of '...' in the X-File-Name header. in the X-File-Name header to upload arbitrary JSP cod...
NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)
NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. NetIQ Access Manager Information Disclosure Vulnerability. Since Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server. An attacker can obtain local file...
Expression Language (EL) Injection
Java Server Faces is vulnerable to expression language injection. The vulnerability is possible when includeViewParameters is set to true on a navigation case...
CVE-2016-5750
The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users...
tomcat: security manager bypass via JSP Servlet config parameters
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
tomcat: security manager bypass via JSP Servlet config parameters
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
UBUNTU-CVE-2016-6796
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-3505
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces...
Buffer overflow
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-5519
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...
CVE-2016-5519
Removed by vendor...
Oracle Fusion Middleware Unspecified Vulnerability in Oracle GlassFish Server Component
Oracle Fusion Middleware Oracle Fusion Middleware is the United States Oracle Oracle company's set of business innovation platform for enterprise and cloud environments. The platform provides middleware, software collection and other functions. Oracle GlassFish Server is one of the components tha...
Oracle GlassFish Server 2.1.1.x < 2.1.1.29 / 3.0.1.x < 3.0.1.14 / 3.1.2.x < 3.1.2.15 Java Server Faces RCE (October 2016 CPU)
According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.29, 3.0.1.x prior to 3.0.1.14, or 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by a remote code execution vulnerability in the Java Server Faces component...
SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co.(CNVD-2016-06025)
Fuzhou Chuangda Electronics Co., Ltd. is a high-tech enterprise specializing in software development, system integration, security services and other computer information services. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system/jy/util/selectryone.jsp?ryqx=1...