50 matches found
CVE-2018-6446
Brocade Network Advisor prior to 14.3.1 is affected by CVE-2018-6446. The issue allows an unauthenticated, remote attacker to log in to the JBoss Administration interface using undocumented credentials and install additional JEE applications. Affected component is the JBoss Web Console interface ...
CVE-2018-6446
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications...
Cross site scripting
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. A remote unauthenticated user who...
CVE-2018-6443
A vulnerability in Brocade Network Advisor versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications. A remote unauthenticated user who...
Denial of Service Vulnerability in JeeCMS v8.1 Data Restore Function
JEECMS, developed by Jiangxi Jinlei Technology Development Co., Ltd., supports WeChat mini programs, WeChat public accounts / service accounts, cross-customization of column models and content models, as well as payment and financial settlement, with content and e-commerce as one of the conte...
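Backend code execution vulnerability in JEE product
Brief description: A backend feature of the jee product has an arbitrary code execution vulnerability. Details: The backend template editing feature uses FreeMarker templates and has a server-side template injection vulnerability that can be exploited to execute arbitrary code. Proof of vulnerability: In the template editing feature, select a template, taking footer.html as an example, and add the PoC; the code is parsed by the FreeMarker engine, resulting in code execution, and the command execution result can then be seen at the bottom of the home page. Code execution result...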
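Stored XSS in a JEE CMS system (can steal user cookies)
Brief description: Stored XSS in a JEE CMS system (can steal user cookies), generic type! Details: Proof of vulnerability: http://demo3.jeecms.com I just registered an arbitrary account, then picked an arbitrary product to purchase and stopped at the Alipay payment page without actually paying, which is how an order gets generated. The vulnerability is in the product comments, and commenting on a product requires a purchase; testing showed that picking any product to buy and stopping at the Alipay page without actually paying generates an order, after which commenting is possible! You can see it is in the not-yet-paid state; now let's go take a look at the product comments. Now let's take a look at the platform:...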
[SECURITY] CVE-2014-0111 Apache Syncope
CVE-2014-0111: Remote code execution by an authenticated administrator. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Syncope 1.0.0 to 1.0.8, Syncope 1.1.0 to 1.1.6. Description: In the various places in which Apache Commo...
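Apache Syncope crafted Commons JEXL expression remote code execution vulnerability
CVE ID: CVE-2014-0111 Apache Syncope is an open source system for digital identity management in enterprise environments, implemented in JEE technology and released under the Apache 2.0 license. Apache Syncope has a security vulnerability in its handling of specially crafted Apache Commons JEXL expressions, which allows an authenticated remote attacker to execute arbitrary code via the JEE container running Apache Syncope core. 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...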
Indian Institute Bansal IIT-JEE Hacked, Student Database Leaked by Cyb3R_Shubh4M
Indian Institute Bansal IIT-JEE Hacked, Student Database Leaked by Cyb3R_Shubh4M Hacked Site : https://bansaliitjee.com/ Student Database Leaked, Download : Link Removed For Safety...