318 matches found

CNVD
added 2017/04/20 12:0 a.m., 2 views

Oracle Fusion Middleware Oracle GlassFish Server Component Information Disclosure Vulnerability

Oracle Fusion Middleware is a business innovation platform from Oracle (United States) for enterprise and cloud environments. The platform provides middleware, software collection and other functions. Oracle GlassFish Server is one of the components tha...

CVSS 3.1, AI score 6.9, EPSS 0.0152
Exploits 0, References 1
OpenVAS
added 2017/04/19 12:0 a.m., 247 views

Oracle GlassFish Server 3.1.2 Multiple Vulnerabilities

Oracle GlassFish Server is prone to multiple vulnerabilities...

CVSS 8.3, AI score 6.8, EPSS 0.35927
Exploits 0, References 7
CNVD
added 2017/03/28 12:0 a.m., 4 views

Nuxeo Platform Arbitrary File Upload Vulnerability

Nuxeo Platform is a content management system (CMS). An arbitrary file upload vulnerability exists in Nuxeo Platform. A remote attacker can exploit this vulnerability to upload arbitrary JSP code with the help of '...' in the X-File-Name header...

CVSS 8.8, AI score 8.8, EPSS 0.34585
Exploits 7, References 1
CNVD
added 2017/03/27 12:0 a.m., 5 views

NetIQ Access Manager Information Disclosure Vulnerability (CNVD-2017-04728)

NetIQ Access Manager provides a simple, secure, and scalable solution to handle all your Web access needs. An information disclosure vulnerability exists in NetIQ Access Manager. Since Access Manager 4.1 and 4.2 support risk-based authentication on the Identity Server. An attacker can obtain local file...

CVSS 5.5, AI score 6.3, EPSS 0.00345
Exploits 0, References 1
Veracode
added 2017/03/23 8:33 a.m., 19 views

Expression Language (EL) Injection

Java Server Faces is vulnerable to expression language injection. The vulnerability is possible when includeViewParameters is set to true on a navigation case...

CVSS 6.4, AI score 6.5, EPSS 0.01648
Exploits 0, References 8, Affected Software 2
OSV
added 2017/03/23 6:59 a.m., 2 views

CVE-2016-5750

The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users...

CVSS 8.8, AI score 6.2, EPSS 0.01114
Exploits 0, References 1
RedHat Linux
added 2017/03/07 7:6 p.m., 2 views

tomcat: security manager bypass via JSP Servlet config parameters

It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

CVSS 7.5, AI score 7.2, EPSS 0.08321
Exploits 0, References 7
Fedora
added 2016/11/19 9:26 p.m., 59 views

[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 9.1, AI score 2.8, EPSS 0.50896
Exploits 13
OSV
added 2016/10/28 12:0 a.m., 3 views

UBUNTU-CVE-2016-6796

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet...

CVSS 7.5, AI score 6.6, EPSS 0.08321
Exploits 0, References 5
NVD
added 2016/10/25 2:29 p.m., 27 views

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...

CVSS 8.8, AI score 7.3, EPSS 0.02332
Exploits 0, References 3
OSV
added 2016/10/25 2:29 p.m., 3 views

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...

CVSS 8.8, AI score 5.8
Exploits 0, References 3
OSV
added 2016/10/25 2:29 p.m., 2 views

CVE-2016-3505

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces...

CVSS 8.8, AI score 5.8, EPSS 0.05697
Exploits 0, References 3
Prion
added 2016/10/25 2:29 p.m., 20 views

Buffer overflow

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...

CVSS 6.5, AI score 5.8, EPSS 0.02332
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2016/10/25 2:0 p.m., 13 views

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...

AI score 5.7, EPSS 0.02332
Exploits 0, References 3
Cvelist
added 2016/10/25 2:0 p.m., 30 views

CVE-2016-5519

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces...

AI score 7.6, EPSS 0.02332
Exploits 0, References 3
Debian CVE
added 2016/10/25 2:0 p.m., 26 views

CVE-2016-5519

Removed by vendor...

CVSS 8.8, AI score 8.8, EPSS 0.02332
Exploits 0
CNVD
added 2016/10/20 12:0 a.m., 4 views

Oracle Fusion Middleware Unspecified Vulnerability in Oracle GlassFish Server Component

Oracle Fusion Middleware is a business innovation platform from Oracle (United States) for enterprise and cloud environments. The platform provides middleware, software collection and other functions. Oracle GlassFish Server is one of the components tha...

CVSS 8.8, AI score 6.8, EPSS 0.02332
Exploits 0, References 1
Tenable Nessus
added 2016/10/20 12:0 a.m., 61 views

Oracle GlassFish Server 2.1.1.x < 2.1.1.29 / 3.0.1.x < 3.0.1.14 / 3.1.2.x < 3.1.2.15 Java Server Faces RCE (October 2016 CPU)

According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.29, 3.0.1.x prior to 3.0.1.14, or 3.1.2.x prior to 3.1.2.15. It is, therefore, affected by a remote code execution vulnerability in the Java Server Faces component...

CVSS 8.8, AI score 9.1, EPSS 0.02332
Exploits 0, References 2
CNVD
added 2016/06/13 12:0 a.m., 1 views

SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co.(CNVD-2016-06025)

Fuzhou Chuangda Electronics Co., Ltd. is a high-tech enterprise specializing in software development, system integration, security services and other computer information services. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system/jy/util/selectryone.jsp?ryqx=1...

AI score 7.6
Exploits 0, References 1