
16 matches found

HackRead
added 2023/07/26 11:20 p.m., 12 views

Benefits of hiring a Java web application development company

By Owais Sultan. Are you considering developing a Java web application? While you may have the skills to do it yourself,… This is a post from HackRead.com. Read the original post: Benefits of hiring a Java web application development company...

AI score: 7
Exploits: 0

CNNVD
added 2023/04/10 12:00 a.m., 3 views

Ping Identity Self-Service Account Manager cross-site scripting vulnerability

Ping Identity Self-Service Account Manager (Ping Identity SSAM) is a Java web application from Ping Identity, Inc. It enables users to perform their own account registration, profile updates, and password changes. A cross-site scripting vulnerability exists in Ping Identity Self-Service Account...

CVSS: 6.1 | AI score: 4.7 | EPSS: 0.00246
Exploits: 0 | References: 5

CNNVD
added 2023/02/02 12:00 a.m., 3 views

dst-admin command injection vulnerability

dst-admin is a web program written in Java by qinming99, an individual developer. A command injection vulnerability exists in dst-admin version 1.5.0, which stems from an unknown function in the file /home/kickPlayer that can be injected with the parameter userId...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.02607
Exploits: 1 | References: 4

CNNVD
added 2022/12/02 12:00 a.m., 3 views

Apache Tapestry code issue vulnerability

Apache Tapestry is a component-oriented framework for creating highly scalable Web applications in Java. A remote code execution vulnerability exists in Apache Tapestry, which can be exploited by attackers to cause remote code execution...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.03875
Exploits: 1 | References: 6

Prion
added 2018/02/14 12:29 p.m., 12 views

Cross site scripting

The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00313
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/02/14 12:29 p.m., 1 view

CVE-2018-2371

The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability...

CVSS: 6.1 | AI score: 5.8
Exploits: 0 | References: 3

Saint
added 2018/01/09 12:00 a.m., 518 views

Oracle WebLogic Server WLS Security Component Deserialization Vulnerability

Added: 01/09/2018. BID: 101304. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem: Oracle WebLogic Server has a vulnerability in the WLS Security wls-wsat component that could allow an unauthenticated remote attacker who has HTTP access to the...

AI score: 7.3
Exploits: 0

Saint
added 2015/11/20 12:00 a.m., 78 views

Oracle WebLogic Apache Commons library deserialization vulnerability

Added: 11/20/2015. CVE: CVE-2015-4852. BID: 77539. Background: Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem: A vulnerability in the Apache Commons library used by Oracl...

CVSS: 9.8 | AI score: 9 | EPSS: 0.92947
Exploits: 16

Tenable Nessus
added 2015/03/25 12:00 a.m., 45 views

ManageEngine Desktop Central Remote Security Bypass

The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.81398
Exploits: 8 | References: 2

Tenable Nessus
added 2015/03/25 12:00 a.m., 57 views

ManageEngine Desktop Central Remote Security Bypass (Intrusive Check)

The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.81398
Exploits: 8 | References: 2

Huawei
added 2013/07/30 12:00 a.m., 119 views

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller (MVC) architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.94325
Exploits: 32 | Affected Software: 26

seebug.org
added 2012/01/05 12:00 a.m., 19 views

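Apache Struts remote command execution and arbitrary file overwrite vulnerabilities

Bugtraq ID: 51257. Apache Struts is an open-source framework for building Java web applications. Apache Struts has security vulnerabilities that allow attackers to execute arbitrary commands or overwrite arbitrary files. - Apache Struts has an input filtering error that can be exploited to inject and execute arbitrary Java code when a conversion error is encountered. - When processing cookie names, the CookieInterceptor class does not properly restrict access to certain static patterns, which can be exploited to execute arbitrary commands. - Some unspecified input is not properly filtered by ParameterInterceptor before being used to create files, which can be exploited to create or overwrite arbitrary files via directory traversal attacks. 0 Apache Stru...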

AI score: 6.9
Exploits: 0

seebug.org
added 2011/12/09 12:00 a.m., 14 views

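Apache Struts session tampering security bypass vulnerability

Bugtraq ID: 50940. Apache Struts is an open-source framework for building Java web applications. Apache Struts has a security vulnerability that allows malicious users to bypass certain security restrictions. The org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces do not properly prevent access to the session map, which can be exploited to modify the session map by sending specially crafted requests to applications that use the combined auto-binding interfaces. Apache Software Foundation Struts 2.1.8 .1 Apache Software...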

AI score: 6.9
Exploits: 0

Check Point Advisories
added 2010/10/17 12:00 a.m., 0 views

Novell iManager getMultiPartParameters Unauthorized File Upload

Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. An unauthorized file upload vulnerability has been reported in Novell iManager. T...

AI score: 7.8
Exploits: 0

Saint
added 2010/08/05 12:00 a.m., 27 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010. CVE: CVE-2010-1870. BID: 41592. OSVDB: 66280. Background: Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

CVSS: 5 | AI score: 9.9 | EPSS: 0.92533
Exploits: 22

Check Point Advisories
added 2010/08/03 12:00 a.m., 2 views

Novell iManager Class Name Remote Buffer Overflow (CVE-2010-1929)

Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. A buffer overflow vulnerability exists in Novell iManager. The vulnerability is d...

CVSS: 9 | AI score: 7.6 | EPSS: 0.24268
Exploits: 10