18 matches found
EUVD-2011-4036
Malware in sbrugna...
EUVD-2007-1154
Malware in sbrugna...
EUVD-2014-0152
Malware in sbrugna...
EUVD-2016-9495
Malware in sbrugna...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.0 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
jexboss
This is a Python script for a tool called JexBoss, which is designed to exploit vulnerabilities in JBoss Application Server and other Java platforms. The script is written in Python 2.7 and uses the urllib3 library for HTTP requests. The script has several modules, including exploits.py,...
Information Disclosure
jboss is vulnerable to information disclosure. The vulnerability exists as JMX password was logged in plain text to "twiddle.log"...
POC-T
This is a Python-based penetration testing framework called POC-T. It is designed to facilitate concurrent testing and provides a variety of features for vulnerability scanning and exploitation. The framework includes a range of built-in scripts for testing various vulnerabilities, including SQL...
VulnCheck KEV: CVE-2007-1036
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests...
CVE-2016-8656
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation...
JBoss 4.2.0 WebConsole/Invoker DeploymentFileRepository Code Execution Vulnerability
No description provided by source...
CVE-2012-3369
CVE-2012-3369 affects JBoss EAP 5.x and related platforms: CallerIdentityLoginModule can permit privilege escalation to the previous user when a null password is provided, allowing remote privilege gain. Impacted products/versions (as per description) include JBoss EAP before 5.2.0, Web Platform ...
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...
JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...
Cisco MARS < 4.2.1 remote compromise
Cisco MARS (Monitoring, Analysis and Response System, sometimes referred to as CS-MARS) prior to version 4.2.1 ships with an unprotected JBoss installation which ultimately leads to a complete compromise of the device. The caveat here is that, despite much work on Cisco's part, they were not able t...
CVE-2003-0845
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, a...
JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection
JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection source: https://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Becaus...
JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection
source: https://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of flaws, an attacker can pass comman...