79 matches found
co.luminositylabs.oss.ica.migration:legacy-data-viewer-webapp (=0.2.0), com.aripd:aricom (=1.0) +13 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=2.1 <=2.7.1)
org.omnifaces:omnifaces MAVEN version =2.1, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =2.2.3, =1.0.0-RC1, =1.0.0, =0.1, =0.14 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...
CVE-2024-2227
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
EUVD-2016-4531
Malware in sbrugna...
EUVD-2011-1375
Malware in sbrugna...
EUVD-2024-27183
Malicious code in bioql PyPI...
EUVD-2022-49617
Malicious code in bioql PyPI...
CVE-2024-13980
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
CVE-2022-46835
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...
CVE-2024-2227
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
CVE-2024-2227 IdentityIQ JavaServer Faces File Path Traversal Vulnerability
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces JSF 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the...
PT-2024-19297
Name of the Vulnerable Software and Affected Versions SailPoint IdentityIQ affected versions not specified Description The issue is a path traversal vulnerability in JavaServer Faces JSF that allows access to arbitrary files in the application server file system. This can be exploited by an...
Oracle JavaServer Faces 路径遍历漏洞
Oracle JavaServer Faces is a user interface framework on Oracle's Java platform for building Web-based user interface components and applications. A path traversal vulnerability exists in Oracle JavaServer Faces JSF version 2.2.20 that originates from allowing access to arbitrary files in the...
CVE-2022-46835
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...
Path traversal
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...
CVE-2022-46835 SailPoint IdentityIQ JavaServer File Path Traversal Vulnerability
IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due t...
Cross-site Scripting in Eclipse Mojarra
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled...
Apache MyFaces Vulnerable to Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces JSF in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. dot dot in the 1 ln parameter to faces/javax.faces.resource/web.xml or 2 the PATHINFO to...
GitHub Security Lab: [Java] CWE-079: Query to detect XSS with JavaServer Faces (JSF)
This bug was reported directly to GitHub Security Lab...
CVE-2011-4367
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces JSF in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. dot dot in the 1 ln parameter to faces/javax.faces.resource/web.xml or 2 the PATHINFO to...