318 matches found
CVE-2005-4805
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages JSP via unknown vectors...
CVE-2025-4178
A vulnerability was found in xiaowei1118 javaserver up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...
CVE-2025-4178 xiaowei1118 java_server File Upload API FoodController.java path traversal
A vulnerability was found in xiaowei1118 javaserver up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...
CVE-2025-3585
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been...
LogicalDOC 跨站脚本漏洞
LogicalDOC is the United States LogicalDOC company's set of document management system developed using Java technology. The system has Lucene full-text search index and automatic import and other functions. A security vulnerability exists in LogicalDOC that originates from reflective cross-site...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
tomcat: RCE due to TOCTOU issue in JSP compilation
A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...
PT-2025-7572 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via uploading a crafted .jsp file to the "/file/savefile.do" API endpoint. This is made possible by an arbitrary file upload vulnerability in the component...
CVE-2025-23011
Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1...
Fedora 安全漏洞
Fedora is a suite of Linux operating systems from the Fedora community. A security vulnerability exists in Fedora version 3.8.1, which stems from a path traversal vulnerability that allows an attacker to place an arbitrary JSP file in a location that can be executed via an unauthenticated GET...
The vulnerability of SAP NetWeaver Java Application Server web applications lies in the improper use of standard permissions, which allows attackers to disclose protected information.
The vulnerability of SAP NetWeaver Java Application Server web applications is related to the incorrect use of standard permissions. Exploiting this vulnerability can allow a malicious actor to disclose protected information from a remote location...
CVE-2024-35570
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file...
PT-2024-26307 · Inxedu · Inxedu
Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file through the uploadAudio method. Recommendations: For inxedu version 2024.4, consider disabling the uploadAudio method unt...
inxedu 安全漏洞
Inxedu inxedu is a set of open source online education platform from China's Inxu Times Inxedu company. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. inxedu v2.0.6 version of a security vulnerability , the vulnerability...
VulnCheck KEV: CVE-2009-2445
Oracle iPlanet Web Server formerly Sun Java System Web Server or Sun ONE Web Server 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP files via an alternate data stream syntax, as demonstrated by a .jsp::$DATA URI...
PT-2024-21368 · Cegid · Cegid Meta4 Hr
Name of the Vulnerable Software and Affected Versions: Cegid Meta4 HR affected versions not specified Description: An Unrestricted Upload of File issue allows an attacker to upload malicious files to the server via the "/config/espanol/update password.jsp" file. By modifying the M4 NEW PASSWORD...
CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
The vulnerability of the javax.faces component in the Avalanche mobile device management system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the javax.faces.resource component in the Avalanche mobile device management system is related to an incorrect limitation on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access t...
This Week in Spring - August 1st, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! Can you believe it's already August 1, 2023??? Me either. As I write this, I'm preparing some of my contributions for SpringOne at VMWare Explore 2023, happening next month in lovely Las Vegas, NV. Have you registered yet? I'...
The vulnerability of the Fortinet FortiNAC network access control mechanism, related to deficiencies in access control, allows a intruder to perform unauthorized calls via JSP.
The vulnerability of the Fortinet FortiNAC network access control mechanism is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to perform unauthorized calls...