Lucene search

318 matches found

NVD
added 2015/06/02 2:59 p.m., 22 views

CVE-2015-4158

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...

CVSS 5 | AI score 6.7 | EPSS 0.01812
Exploits: 1 | References: 2
Prion
added 2015/06/02 2:59 p.m., 18 views

Code injection

SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...

CVSS 5 | AI score 7.2 | EPSS 0.01812
Exploits: 1 | References: 2
CVE
added 2015/06/02 2:0 p.m., 45 views

CVE-2015-4158

Technical details about CVE-2015-4158 are not publicly available in the provided connected documents; monitoring for updates is advised.

CVSS 5 | AI score 6.9 | EPSS 0.01812
Exploits: 1 | References: 2 | Affected Software: 2
erpscan
added 2015/04/12 12:0 a.m., 15 views

SAP NetWeaver directory creation outside of the JVM

Application: SAP NetWeaver; Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component; Vendor URL: SAP; Bugs: Directory traversal; Reported: 04.12.2015; Vendor response: 05.12.2015; Date of Public Advisory: 13.12.2016; Reference: SAP Security Note 2310790; Author: Mathieu Geli (ERPScan); VULNERABILITY...

AI score 7.3
Exploits: 0
RedHat Linux
added 2015/03/24 9:5 p.m., 2 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVSS 4.3 | AI score 7.5 | EPSS 0.04715
Exploits: 0 | References: 5
RedHat Linux
added 2015/03/11 4:51 p.m., 2 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVSS 4.3 | AI score 7.5 | EPSS 0.04715
Exploits: 0 | References: 5
RedHat Linux
added 2015/02/17 10:27 p.m., 3 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVSS 4.3 | AI score 7.5 | EPSS 0.04715
Exploits: 0 | References: 5
CNVD
added 2015/01/20 12:0 a.m., 3 views

ManageEngine ServiceDesk Remote Code Execution Vulnerability

ManageEngine ServiceDesk Plus is a comprehensive helpdesk and asset management software that provides an integrated console for IT administrators and desktop agents. A remote code execution vulnerability exists in ManageEngine ServiceDesk due to a failure to properly handle JSP uploads when... /...

CVSS 9 | AI score 8.5 | EPSS 0.1073
Exploits: 3 | References: 1
OSV
added 2014/09/12 1:55 a.m., 2 views

UBUNTU-CVE-2013-4444

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...

CVSS 6.8 | AI score 7.1 | EPSS 0.1399
Exploits: 0 | References: 2
RedHat Linux
added 2014/07/16 5:12 p.m., 6 views

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVSS 4.3 | AI score 7.5 | EPSS 0.04715
Exploits: 0 | References: 5
seebug.org
added 2014/07/01 12:0 a.m., 14 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0
NVD
added 2014/04/30 2:22 p.m., 18 views

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

CVSS 5 | AI score 6 | EPSS 0.02275
Exploits: 0 | References: 6
Prion
added 2014/04/30 2:22 p.m., 16 views

Design/Logic Flaw

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

CVSS 5 | AI score 6.6 | EPSS 0.02275
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2014/04/30 2:0 p.m., 25 views

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

AI score 6 | EPSS 0.02275
Exploits: 0 | References: 6
rdot
added 2014/03/15 12:0 a.m., 512 views

Java Faces Miniwebshell

Hi everyone, I took a brief look at Java Server Faces. If you are able to upload shell.xhtml and somehow include it, here is a small webshell. The catch is that we cannot create variables or properly assign anything anywhere. But we can call statements, load classes and...

AI score 7.2
Exploits: 0
Cisco
added 2013/10/18 2:38 p.m., 35 views

Cisco Unity Connection Directory Traversal Vulnerability

A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service (VMWS), could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...

CVSS 4 | AI score 2.5 | EPSS 0.01466
Exploits: 0 | References: 1
Tenable Nessus
added 2013/10/17 12:0 a.m., 96 views

Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)

The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components: Java Server Faces, Metro. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(70482); script_version("1.12"); script_cvs_date("Date: 2018/11/15...

CVSS 5 | AI score 7.5 | EPSS 0.32441
Exploits: 1 | References: 4
NVD
added 2013/10/16 3:55 p.m., 20 views

CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

CVSS 5 | AI score 5.5 | EPSS 0.32441
Exploits: 0 | References: 5
ATTACKERKB
added 2013/10/16 3:55 p.m., 3 views

CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

CVSS 5 | AI score 5.6 | EPSS 0.32441
Exploits: 0 | References: 7
Prion
added 2013/10/16 3:55 p.m., 21 views

Buffer overflow

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

CVSS 5 | AI score 6.1 | EPSS 0.32441
Exploits: 0 | References: 5 | Affected Software: 1