
318 matches found

RedHat Linux
added 2008/05/20 2:12 p.m., 5 views

tomcat XSS in example webapps

Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...

CVSS 4.3, AI score 5.9, EPSS 0.05476
Exploits 0, References 4
NVD
added 2008/03/11 5:44 p.m., 36 views

CVE-2008-1285

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3, AI score 5.5, EPSS 0.02537
Exploits 1, References 14
Prion
added 2008/03/11 5:44 p.m., 30 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3, AI score 5.8, EPSS 0.02537
Exploits 1, References 14, Affected Software 1
Cvelist
added 2008/03/11 5:0 p.m., 39 views

CVE-2008-1285

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

AI score 5.5, EPSS 0.02537
Exploits 1, References 14
Cvelist
added 2007/10/29 7:0 p.m., 32 views

CVE-2002-2347

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...

AI score 7.4, EPSS 0.01704
Exploits 0, References 3
Cent OS
added 2007/09/28 8:11 a.m., 84 views

tomcat5 security update

CentOS Errata and Security Advisory CESA-2007:0871 Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java...

CVSS 4.3, AI score 5.8, EPSS 0.58956
Exploits 6, References 7
RedHat Linux
added 2007/09/26 8:27 a.m., 42 views

Moderate: Red Hat Security Advisory: tomcat security update

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and Java Server Pages technologies. Tomcat...

CVSS 4.3, AI score 5.8, EPSS 0.58956
Exploits 6, References 5
RedHat Linux
added 2007/07/17 10:36 a.m., 2 views

tomcat examples jsp XSS

Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

CVSS 4.3, AI score 5.8, EPSS 0.77376
Exploits 1, References 4
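seebug.org
added 2007/06/18 12:0 a.m., 36 views

Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross-Site Scripting Vulnerability

Java Server Faces (JSF) is a framework for building server-side GUI web applications. Java Server Faces (JSF) does not properly filter user-submitted HTTP requests, so remote attackers can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. When the 'autoscroll' parameter is parsed from a POST or GET request, insufficient filtering allows malicious script code to be submitted as the parameter, which can disclose sensitive information when other users parse it. Apache MyFaces Tomahawk 1.1.5 Upgrade: Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...

AI score 7.1
Exploits 0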
securityvulns
added 2007/06/15 12:0 a.m., 61 views

iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability

Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...

CVSS 4.3, AI score 0.2, EPSS 0.44453
Exploits 0
NVD
added 2007/05/30 10:30 a.m., 23 views

CVE-2007-2904

Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653...

CVSS 4.3, AI score 5.8, EPSS 0.01652
Exploits 0, References 3
RedHat Linux
added 2007/05/08 2:53 p.m., 3 views

tomcat manager example DoS

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...

CVSS 4.3, AI score 5.6, EPSS 0.07883
Exploits 0, References 4
Cvelist
added 2006/05/25 10:0 a.m., 33 views

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors...

AI score 6.8, EPSS 0.02142
Exploits 0, References 5
CVE
added 2006/05/25 10:0 a.m., 51 views

CVE-2005-4805

Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.

CVSS 5, AI score 7.2, EPSS 0.02142
Exploits 0, References 5, Affected Software 1
Cvelist
added 2005/07/14 4:0 a.m., 26 views

CVE-2002-2007

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4)...

AI score 6.3, EPSS 0.41399
Exploits 1, References 10
NVD
added 2005/05/02 4:0 a.m., 26 views

CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...

CVSS 5, AI score 6.8, EPSS 0.08639
Exploits 0, References 6
NVD
added 2005/05/02 4:0 a.m., 23 views

CVE-2005-0425

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...

CVSS 5, AI score 6.5, EPSS 0.02096
Exploits 0, References 3
Cvelist
added 2005/04/16 4:0 a.m., 24 views

CVE-2005-1112

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the...

AI score 6.8, EPSS 0.08639
Exploits 0, References 6
Cvelist
added 2005/02/15 5:0 a.m., 26 views

CVE-2005-0425

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...

AI score 6.5, EPSS 0.02096
Exploits 0, References 3
securityvulns
added 2005/02/14 12:0 a.m., 32 views

[SA14274] IBM WebSphere Application Server JSP Source Code Disclosure

TITLE: IBM WebSphere Application Server JSP Source Code Disclosure SECUNIA ADVISORY ID: SA14274 VERIFY ADVISORY: http://secunia.com/advisories/14274/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: IBM WebSphere Application Server 6.x...

AI score 0.4
Exploits 0