303 matches found
CVE-2015-4744
Technical details about CVE-2015-4744 are not provided in the supplied documents; no explicit affected products/versions or impact are disclosed. Monitor for updates.
CVE-2015-2623
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity via unknown vectors related ...
CVE-2015-4744
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via unknown vectors...
Oracle GlassFish Server Multiple Vulnerabilities (July 2015 CPU)
The version of Oracle GlassFish Server running on the remote host is affected by multiple vulnerabilities: - A security bypass vulnerability exists in the bundled Network Security Services (NSS) library because the definite_length_decoder function, in file quickder.c, does not properly form the DER...
SAP ABAP & Java Server Denial of Service Vulnerability
SAP ABAP & Java Server is an application server from the German company SAP that runs in NetWeaver and provides a development and runtime environment for SAP applications, based on the ABAP high-level programming language and the Java programming language. A security vulnerabili...
CVE-2015-4158
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...
Code injection
SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661...
CVE-2015-4158
Technical details about CVE-2015-4158 are not publicly available in the provided connected documents; monitoring for updates is advised.
SAP NetWeaver directory creation outside of the JVM
Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: SAP Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli ERPScan VULNERABILITY...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
ManageEngine ServiceDesk Remote Code Execution Vulnerability
ManageEngine ServiceDesk Plus is a comprehensive helpdesk and asset management software that provides an integrated console for IT administrators and desktop agents. A remote code execution vulnerability exists in ManageEngine ServiceDesk due to a failure to properly handle JSP uploads when... /...
UBUNTU-CVE-2013-4444
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file...
JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
No description provided by source...
CVE-2014-3129
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...
Design/Logic Flaw
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...
CVE-2014-3129
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...
Java Faces Miniwebshell
Hi everyone, I took a quick look at Java Server Faces. If you are able to upload a shell.xhtml and include it somehow, here is a small web shell. The catch is that we cannot create variables or properly assign anything anywhere. But we can call statements, load classes and...