318 matches found

RedhatCVE
added 2025/05/21 8:50 p.m. · 22 views

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server Pages (JSP) via unknown vectors...

CVSS 5 · AI score 7.2 · EPSS 0.02142
Exploits 0 · References 1
RedhatCVE
added 2025/05/03 10:11 p.m. · 21 views

CVE-2025-4178

A vulnerability was found in xiaowei1118 javaserver up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...

CVSS 5.5 · AI score 7.3 · EPSS 0.00534
Exploits 1 · References 1
Cvelist
added 2025/05/01 10:00 p.m. · 24 views

CVE-2025-4178 xiaowei1118 java_server File Upload API FoodController.java path traversal

A vulnerability was found in xiaowei1118 javaserver up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...

CVSS 5.5 · EPSS 0.00534
Exploits 1 · References 4
OSV
added 2025/04/14 6:15 p.m. · 3 views

CVE-2025-3585

A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...

CVSS 8.8 · AI score 5.5 · EPSS 0.0045
Exploits 1 · References 4
CNNVD
added 2025/03/14 12:00 a.m. · 4 views

LogicalDOC cross-site scripting vulnerability

LogicalDOC is the United States LogicalDOC company's set of document management system developed using Java technology. The system has Lucene full-text search index and automatic import and other functions. A security vulnerability exists in LogicalDOC that originates from reflective cross-site...

CVSS 6.4 · AI score 6.1 · EPSS 0.00245
Exploits 0 · References 2
OSV
added 2025/03/11 3:15 p.m. · 5 views

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...

CVSS 7.3 · AI score 5.9 · EPSS 0.0043
Exploits 1 · References 1
RedHat Linux
added 2025/02/27 11:20 a.m. · 5 views

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use (TOCTOU) race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

CVSS 9.8 · AI score 7.5 · EPSS 0.43663
Exploits 13 · References 5
Positive Technologies
added 2025/02/21 12:00 a.m. · 7 views

PT-2025-7572 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .jsp file to the "/file/savefile.do" API endpoint. This is made possible by an arbitrary file upload vulnerability in the component...

CVSS 4.8 · AI score 7.7 · EPSS 0.00296
Exploits 1 · References 5
OSV
added 2025/01/23 9:15 p.m. · 5 views

CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...

CVSS 8.7 · AI score 7.1
Exploits 0 · References 3
CNNVD
added 2025/01/23 12:00 a.m. · 4 views

Fedora security vulnerability

Fedora is a suite of Linux operating systems from the Fedora community. A security vulnerability exists in Fedora version 3.8.1, which stems from a path traversal vulnerability that allows an attacker to place an arbitrary JSP file in a location that can be executed via an unauthenticated GET...

CVSS 8.8 · AI score 6.8 · EPSS 0.00711
Exploits 0 · References 4
BDU FSTEC
added 2024/12/02 12:00 a.m. · 4 views

The vulnerability of SAP NetWeaver Java Application Server web applications lies in the improper use of standard permissions, which allows attackers to disclose protected information.

The vulnerability of SAP NetWeaver Java Application Server web applications is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow a malicious actor to disclose protected information from a remote location...

CVSS 5 · AI score 5.5 · EPSS 0.00388
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/05/23 7:16 p.m. · 6 views

CVE-2024-35570

An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file...

CVSS 9.8 · AI score 6
Exploits 0 · References 1
Positive Technologies
added 2024/05/23 12:00 a.m. · 6 views

PT-2024-26307 · Inxedu · Inxedu

Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file through the uploadAudio method. Recommendations: For inxedu version 2024.4, consider disabling the uploadAudio method unt...

CVSS 9.8 · AI score 8.4 · EPSS 0.00584
Exploits 0 · References 4
CNNVD
added 2024/05/23 12:00 a.m. · 6 views

inxedu security vulnerability

Inxedu inxedu is an open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. A security vulnerability exists in inxedu v2.0.6; the vulnerability...

CVSS 9.8 · AI score 7.7 · EPSS 0.00894
Exploits 1 · References 3
VulnCheck KEV
added 2024/05/07 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2009-2445

Oracle iPlanet Web Server formerly Sun Java System Web Server or Sun ONE Web Server 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...

CVSS 5 · AI score 6 · EPSS 0.02521
Exploits 1 · References 1
Positive Technologies
added 2024/03/19 12:00 a.m. · 5 views

PT-2024-21368 · Cegid · Cegid Meta4 Hr

Name of the Vulnerable Software and Affected Versions: Cegid Meta4 HR affected versions not specified Description: An Unrestricted Upload of File issue allows an attacker to upload malicious files to the server via the "/config/espanol/update password.jsp" file. By modifying the M4 NEW PASSWORD...

CVSS 9 · AI score 6.5 · EPSS 0.00553
Exploits 0 · References 3
ATTACKERKB
added 2024/02/29 1:35 a.m. · 4 views

CVE-2022-34269

An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...

CVSS 8.8 · AI score 6.1 · EPSS 0.01712
Exploits 1 · References 3
BDU FSTEC
added 2024/02/20 12:00 a.m. · 6 views

The vulnerability of the javax.faces component in the Avalanche mobile device management system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the javax.faces.resource component in the Avalanche mobile device management system is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access t...

CVSS 6.8 · AI score 6.6 · EPSS 0.37614
Exploits 1 · References 3 · Affected Software 1
Spring Security Advisories
added 2023/08/01 12:00 a.m. · 8 views

This Week in Spring - August 1st, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Can you believe it's already August 1, 2023??? Me either. As I write this, I'm preparing some of my contributions for SpringOne at VMWare Explore 2023, happening next month in lovely Las Vegas, NV. Have you registered yet? I'...

AI score 7.2
Exploits 0
BDU FSTEC
added 2023/07/26 12:00 a.m. · 4 views

The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in access control, allows an intruder to perform unauthorized calls via JSP.

The vulnerability of the Fortinet FortiNAC network access control mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to perform unauthorized calls...

CVSS 8 · AI score 7.1 · EPSS 0.00717
Exploits 0 · References 4 · Affected Software 1