318 matches found

Kitploit
added 2023/07/07 12:30 p.m. · 83 views

Badsecrets - A Library For Detecting Known Secrets Across Many Web Frameworks

A pure python library for identifying the use of known or very weak cryptographic secrets across a variety of platforms. The project is designed to be both a repository of various "known secrets" for example, ASP.NET machine keys found in examples in tutorials, and to provide a language-agnostic...

CVSS 9.8 · AI score 9.8 · EPSS 0.75098
Exploits 5 · References 7
OSV
added 2023/06/13 9:15 a.m. · 4 views

CVE-2022-39946

An access control vulnerability CWE-284 in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp call...

CVSS 7.2 · AI score 5.8 · EPSS 0.00717
Exploits 0 · References 1
CNNVD
added 2023/04/14 12:00 a.m. · 6 views

DataGear code issue vulnerability

DataGear is an open source and free data visualization and analysis platform from DataGear, Inc. A code issue vulnerability exists in DataGear versions prior to 4.5.1, which stems from a problem with the component JDBC server handler that can lead to deserialization...

CVSS 8.8 · AI score 6.9 · EPSS 0.01147
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 6:08 a.m. · 7 views

SUSE CVE-2008-2402

The Admin Server in Sun Java Active Server Pages ASP Server before 4.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read password hashes and configuration data via direct requests for unspecified documents...

CVSS 5 · AI score 6.9 · EPSS 0.11367
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 6:00 a.m. · 5 views

SUSE CVE-2010-0386

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and CVE-2005-3398...

CVSS 8.1 · AI score 7 · EPSS 0.01692
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:35 a.m. · 3 views

SUSE CVE-2013-4444

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...

CVSS 6.8 · AI score 7.6 · EPSS 0.1399
Exploits 0 · References 3
OSV
added 2023/02/14 4:15 a.m. · 5 views

CVE-2023-23856

In SAP BusinessObjects Business Intelligence Web Intelligence user interface - version 430, some calls return JSON with the wrong content type in the response header. As a result, a custom application that directly calls the JSP of Web Intelligence DHTML may be vulnerable to XSS attacks. On...

CVSS 5.4 · AI score 5.8
Exploits 0 · References 2
OSV
added 2023/02/01 4:15 a.m. · 5 views

CVE-2022-42971

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to...

CVSS 9.8 · AI score 6.3 · EPSS 0.01071
Exploits 0 · References 1
Tenable Nessus
added 2023/01/03 12:00 a.m. · 32 views

SAP NetWeaver AS Java XSS (3262544)

Due to insufficient input validation, SAP NetWeaver AS Java HTTP Provider Service - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality...

CVSS 6.1 · AI score 6.2 · EPSS 0.00433
Exploits 0 · References 2
BDU FSTEC
added 2022/12/22 12:00 a.m. · 7 views

The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables an intruder to execute arbitrary code.

The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...

CVSS 10 · AI score 8.2 · EPSS 0.01071
Exploits 0 · References 4 · Affected Software 2
OSV
added 2022/12/01 6:15 a.m. · 4 views

CVE-2022-36431

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1...

CVSS 9.8 · AI score 6.1 · EPSS 0.0113
Exploits 1 · References 2
CNNVD
added 2022/09/20 12:00 a.m. · 4 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which stems from a security issue with the UserForm:jid90 parameter in /SVFE2/pages/feegroups/mccgroup.jsf...

CVSS 9.8 · AI score 8.3 · EPSS 0.00929
Exploits 1 · References 5
CNNVD
added 2022/09/19 12:00 a.m. · 4 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, which originates from an SQL injection that can be achieved by an attacker via the voiceAudit:jid97 parameter of the /SVFE2/pages/audit/voiceaudit.jsf component...

CVSS 8.8 · AI score 8.1 · EPSS 0.00889
Exploits 1 · References 4
IBM Security Bulletins
added 2022/09/15 7:27 p.m. · 41 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM) (CVE-2017-1583, CVE-2011-4343)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application...

CVSS 7.5 · AI score 7.7 · EPSS 0.05334
Exploits 1 · Affected Software 5
CNNVD
added 2022/09/13 12:00 a.m. · 3 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, where the UserForm:jid90 parameter in /feegroups/tgrtgroup.jsf contains a SQL injection vulnerability...

CVSS 8.8 · AI score 8.2 · EPSS 0.00975
Exploits 1 · References 4
GithubExploit
added 2022/09/10 3:41 a.m. · 429 views

Exploit for Path Traversal in Sap Netweaver

CVE-2021-38163 - exploit for SAP Netweaver SAP...

CVSS 9.9 · AI score 8.8 · EPSS 0.37149
Exploits 1
CNNVD
added 2022/09/09 12:00 a.m. · 6 views

SmartVista SVFE2 SQL injection vulnerability

SmartVista SVFE2 is a subsystem of SmartVista, Inc. A security vulnerability exists in SmartVista SVFE2 version v2.2.22, where the UserForm:jid88, UserForm:jid90, and UserForm:jid92 parameters in /SVFE2/pages/feegroups/servicegroup.jsf contain multiple SQL injection vulnerabilities...

CVSS 8.8 · AI score 8.2 · EPSS 0.00926
Exploits 1 · References 4
Tenable Nessus
added 2022/08/08 12:00 a.m. · 20 views

Expression Language Injection

Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...

AI score 8.1
Exploits 0 · References 2
OSV
added 2022/08/06 5:47 a.m. · 2 views

GHSA-QP5M-C3M9-8Q2P JSPUI vulnerable to path traversal in submission (resumable) upload

Impact The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters durin...

CVSS 8.2 · AI score 5.8 · EPSS 0.00868
Exploits 0 · References 5
Positive Technologies
added 2022/08/01 12:00 a.m. · 7 views

PT-2022-20601 · DSpace · DSpace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...

CVSS 7.1 · AI score 6.1 · EPSS 0.0059
Exploits 0 · References 9