303 matches found
Cisco Unity Connection Directory Traversal Vulnerability
A vulnerability in the attachment service of Cisco Unity Connection, known as Cisco Unity Web Service or as Voice Message Web Service VMWS, could allow an authenticated, remote attacker to place files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly...
Oracle GlassFish Server Multiple Vulnerabilities (October 2013 CPU)
The version of GlassFish Server running on the remote host is affected by multiple vulnerabilities in the following components : - Java Server Faces - Metro C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70482; scriptversion"1.12"; scriptcvsdate"Date: 2018/11/15...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
Buffer overflow
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0...
CVE-2013-3827
CVE-2013-3827 affects Oracle GlassFish Server components in Fusion Middleware 2.1.1, 3.0.1, 3.1.2; Oracle JDeveloper in 11.1.2.3.0, 11.1.2.4.0, 12.1.2.0.0; and Oracle WebLogic Server in Fusion Middleware 10.3.6.0 and 12.1.1. The vulnerability, related to JavaServer Faces/Web Container handling, a...
Tomcat/JBossWeb: Arbitrary file upload via deserialization
It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...
Tomcat/JBossWeb: Arbitrary file upload via deserialization
It was possible for an attacker, using complex and limited conditions, to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2...
ManageEngine DeviceExpert 5.6 Java Server Directory Traversal
Exploit for jsp platform in category web applications ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file...
Cloupia End-to-end FlexPod Management - Directory Traversal
Cloupia End-to-end FlexPod Management - Directory Traversal Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes...
Cloupia End-To-End FlexPod Management Directory Traversal
Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...
xMatters AlarmPoint APClient 3.2.0 Heap Buffer Overflow
Information -------------------- Name : Heap Buffer Overflow in xMatters AlarmPoint APClient Version: APClient 3.2.0 native Software : xMatters AlarmPoint Vendor Homepage : http://www.xmatters.com Vulnerability Type : Heap Buffer Overflow Md5: 283d98063323f35deb7afbd1db93d859 APClient.bin Severit...
Oracle to release 73 security vulnerabilities security patch update !
Oracle to release 73 security vulnerabilities security patch update ! Oracle plans to release a large number of security patches for its various software products next week, including six bug-fixes for its flagship database software. All told, there will be 73 security vulnerabilities fixed acros...
SAP Crystal Reports 2008 Directory Traversal
SAP Crystal Reports is a business intelligence application which is used to design and generate reports from various data sources. These sources include databases, spreadsheets, text files, XML files, etc. SAP Crystal Reports installation includes Tomcat Web server and various servlet components ...
CGI Generic Padding Oracle
By manipulating the padding on an encrypted string, Nessus was able to generate an error message that indicates a likely 'padding oracle' vulnerability. Such a vulnerability can affect any application or framework that uses encryption improperly, such as some versions of ASP.net, Java Server Face...
CVE-2009-5000
Multiple cross-site scripting XSS vulnerabilities in the Workplace aka WP component in IBM FileNet P8 Application Engine P8AE 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
Adobe JRun 4 Server File Disclosure (CVE-2004-0928)
Adobe JRun is an application server used to deploy J2EE Java 2 Enterprise Edition applications, JSPs Java Server Pages, and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including IIS and Apache. With IIS, JRun can be registered t...
Project Woodstock 404 Error Page UTF-7 Encoded XSS
The remote web server contains a web application built using Woodstock components, which are user interface components for the web- based on Java Server Faces and AJAX. Woodstock is part of Sun Glassfish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat,...