15 matches found
EUVD-2001-0396
Malware in sbrugna...
wildfly: Some EJB transaction objects may get accumulated causing Denial of Service
A flaw was found in WildFly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema...
CVE-2017-11355
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema...
CVE-2017-11355
Pegasystems PEGA Platform 7.2 ML0 and earlier are affected by multiple XSS vulnerabilities (CVE-2017-11355) allowing remote attackers to inject arbitrary scripts via PATH_INFO, the JavaBean viewer beanReference, or pyTableName on the System database schema modification page; CVE-2017-11356 also a...
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
Summary
=======
1. Missing access control CVE-2017-11356
2. Multiple cross-site scripting CVE-2017-11355
Vendor
======
"Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega's adaptiv...
CVE-2017-4971: Spring WebFlow remote code execution vulnerability analysis - vulnerability warning - the black bar safety net
Severe vulnerabilities in Spring have historically been few. The earlier serious one was in Spring's JavaBean automatic binding feature, which allowed the class of a bound object to be controlled and, by abusing certain features, led to execution of arbitrary code, but that...
SpringMVC XXE vulnerability testing - vulnerability warning - the black bar safety net
The SpringMVC framework supports XML-to-Object mapping. Internally it uses two global interfaces, Marshaller and Unmarshaller; one implementation is the Jaxb2Marshaller class, which implements both interfaces and provides bi-directional conversion between XML and Objects. A...
Caucho Technology Resin 1.2/1.3 JavaBean Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected...
OEJP Daemon Detection
The remote host is running an OEJP (OpenEJB Enterprise Javabean Protocol) daemon, a fast and lightweight EJB server.
#%NASL_MIN_LEVEL 70300
# (C) Tenable Network Security, Inc.
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
  script_id(26195);
  script_version("1.9");
  ...
CVE-2004-0713
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from...
CVE-2001-0399
CVE-2001-0399 affects Caucho Resin 1.3b1 and earlier. A path traversal / information disclosure flaw lets remote attackers read Javabean source by inserting a .jsp before the WEB-INF specifier in an HTTP request. OpenVAS entries corroborate the issue as a remote vulnerability with a 5.0 CVSS base...
Security Advisory (CSA-200111)
Topic: Resin 1.2. & 1.3b1 JavaBean file disclosure vulnerability
vulnerable:
=============
winnt/2000 (maybe other operating systems also)
+Resin 1.2.
+Resin 1.3b1
discussion:
===========
A security vulnerability has been found in Windows NT/2000 systems that have Resin 1.2. or Resin 1.3b1 installed...
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure
source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected directory, '/WEB-INF/classes/'...
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure
Caucho Technology Resin 1.2/1.3 - JavaBean Disclosure source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside ...