EUVD-2018-14359

Malware in sbrugna...

CVE-2019-0355

SAP NetWeaver Application Server Java Web Container, ENGINEAPI before versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP-JEECOR before versions 6.40, 7.0, 7.01, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the...

CVE-2019-0327

SAP NetWeaver for Java Application Server - Web Container, engineapi, versions 7.1, 7.2, 7.3, 7.31, 7.4 and 7.5, servercode, versions 7.2, 7.3, 7.31, 7.4, 7.5, allows an attacker to upload files including script files without proper file format validation...

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

Cross site scripting

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service

SAP NetWeaver is Germany's SAP SAP company's set of service-oriented integrated application platform, the platform can provide development and operation environment for SAP applications. Application Server Java Web Container is one of the Java application running environment; HTTP Service is an...

WebSphere “Java 反序列化”过程远程命令执行漏洞

满足此漏洞的环境配置 漏洞源头commons-collections.jar 开启的SOAP端口8880. /opt/IBM/WebSphere/AppServer/properties/wsadmin.properties 测试websphere的环境版本号7.0.0.11，目前最新的版本是8.5.5 漏洞影响 ZoomEye 团队针对全球开放8880端口的289.6万服务器进行了漏洞验证，已经确认其中963台服务器存在该风险 关联漏洞链接 1. JBoss “Java 反序列化”过程远程命令执行漏洞 https://www.sebug.net/vuldb/ssvid-89723 2...