
318 matches found

CVE
added 2013/10/16 3:0 p.m. | 243 views

CVE-2013-3827

CVE-2013-3827 affects Oracle GlassFish Server components in Fusion Middleware 2.1.1, 3.0.1, 3.1.2; Oracle JDeveloper in 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0; and Oracle WebLogic Server in Fusion Middleware 10.3.6.0 and 12.1.1. The vulnerability, related to JavaServer Faces/Web Container handling, a...

CVSS 5 | AI score 5.5 | EPSS 0.32441
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2013/10/16 3:0 p.m. | 42 views

CVE-2013-3827

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...

AI score 5.5 | EPSS 0.32441
Exploits: 0 | References: 5

RedHat Linux
added 2013/09/16 4:53 p.m. | 4 views

Tomcat/JBossWeb: Arbitrary file upload via deserialization

It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...

CVSS 7.5 | AI score 6.8 | EPSS 0.07199
Exploits: 0 | References: 4

RedHat Linux
added 2013/09/03 7:58 p.m. | 4 views

Tomcat/JBossWeb: Arbitrary file upload via deserialization

It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...

CVSS 7.5 | AI score 6.8 | EPSS 0.07199
Exploits: 0 | References: 4

securityvulns
added 2012/03/20 12:0 a.m. | 51 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2...

AI score 0.1
Exploits: 0

0day.today
added 2012/03/19 12:0 a.m. | 46 views

ManageEngine DeviceExpert 5.6 Java Server Directory Traversal

Exploit for jsp platform in category web applications ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file...

AI score 7.1
Exploits: 0

Packet Storm
added 2012/01/15 12:0 a.m. | 41 views

Cloupia End-To-End FlexPod Management Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...

AI score 0.2
Exploits: 0

exploitpack
added 2012/01/15 12:0 a.m. | 33 views

Cloupia End-to-end FlexPod Management - Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes...

AI score 0.2
Exploits: 0

Packet Storm
added 2011/04/29 12:0 a.m. | 52 views

xMatters AlarmPoint APClient 3.2.0 Heap Buffer Overflow

Information -------------------- Name : Heap Buffer Overflow in xMatters AlarmPoint APClient Version: APClient 3.2.0 native Software : xMatters AlarmPoint Vendor Homepage : http://www.xmatters.com Vulnerability Type : Heap Buffer Overflow Md5: 283d98063323f35deb7afbd1db93d859 APClient.bin Severit...

AI score 7.4
Exploits: 0

The Hacker News
added 2011/04/15 12:4 p.m. | 10 views

Oracle to release 73 security vulnerabilities security patch update!

Oracle to release 73 security vulnerabilities security patch update! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed acros...

AI score 6.5
Exploits: 0

Check Point Advisories
added 2011/02/20 12:0 a.m. | 4 views

SAP Crystal Reports 2008 Directory Traversal

SAP Crystal Reports is a business intelligence application which is used to design and generate reports from various data sources. These sources include databases, spreadsheets, text files, XML files, etc. SAP Crystal Reports installation includes Tomcat Web server and various servlet components ...

AI score 6.5
Exploits: 0

Tenable Nessus
added 2010/10/29 12:0 a.m. | 119 views

CGI Generic Padding Oracle

By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Face...

CVSS 6.4 | AI score 5.4 | EPSS 0.67481
Exploits: 2 | References: 5

ATTACKERKB
added 2010/09/20 10:0 p.m. | 3 views

CVE-2009-5000

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...

CVSS 4.3 | AI score 5.4 | EPSS 0.00845
Exploits: 0 | References: 3

Check Point Advisories
added 2009/11/17 12:0 a.m. | 17 views

Adobe JRun 4 Server File Disclosure (CVE-2004-0928)

Adobe JRun is an application server used to deploy J2EE (Java 2 Enterprise Edition) applications, JSPs (Java Server Pages), and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including IIS and Apache. With IIS, JRun can be registered t...

CVSS 5 | AI score 6.2 | EPSS 0.04075
Exploits: 0

Tenable Nessus
added 2009/05/11 12:0 a.m. | 49 views

Project Woodstock 404 Error Page UTF-7 Encoded XSS

The remote web server contains a web application built using Woodstock components, which are user interface components for the web- based on Java Server Faces and AJAX. Woodstock is part of Sun Glassfish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat,...

CVSS 4.3 | AI score 5.4 | EPSS 0.04046
Exploits: 1 | References: 4

Packet Storm
added 2009/05/05 12:0 a.m. | 28 views

Sun Glassfish Woodstock Project 4.2 XSS

Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...

AI score 0.2
Exploits: 0

RedHat Linux
added 2008/08/13 2:17 p.m. | 2 views

tomcat examples jsp XSS

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

CVSS 4.3 | AI score 5.8 | EPSS 0.77376
Exploits: 1 | References: 4

RedHat Linux
added 2008/08/05 8:16 a.m. | 3 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.02537
Exploits: 1 | References: 4

RedHat Linux
added 2008/08/05 7:58 a.m. | 5 views

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.02537
Exploits: 1 | References: 4

RedHat Linux
added 2008/06/30 3:33 p.m. | 4 views

tomcat manager example DoS

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...

CVSS 4.3 | AI score 5.6 | EPSS 0.07883
Exploits: 0 | References: 4