Lucene search

84 matches found

CVE
added 2016/04/11 2:0 p.m., 71 views

CVE-2016-0710

CVE-2016-0710 is a SQL injection vulnerability in Apache Jetspeed’s User Manager service. The issue allows remote attackers to manipulate the back-end database by injecting SQL through the (1) role or (2) user parameter to services/usermanager/users/ in Jetspeed versions before 2.3.1. Public references in the conne...

8.8 CVSS, 9.3 AI score, 0.52351 EPSS
Exploits: 5, References: 6, Affected Software: 1

CVE
added 2016/04/11 2:0 p.m., 92 views

CVE-2016-0709

CVE-2016-0709 is a directory traversal vulnerability in the Apache Jetspeed Portal Site Manager Import/Export function. An authenticated administrator could craft a ZIP archive containing dot-dot sequences to place arbitrary files (e.g., a JSP) on disk, enabling remote code execution. Affected ve...

9 CVSS, 7 AI score, 0.77495 EPSS
Exploits: 5, References: 6, Affected Software: 1

CVE
added 2016/04/11 2:0 p.m., 56 views

CVE-2016-0711

Apache Jetspeed is vulnerable to cross-site scripting via the title field when adding a link, page, or folder, due to insufficient validation of user input. A remote attacker could inject scripts into pages viewed by users, potentially executing in the browser and, per IBM advisory, may enable th...

6.1 CVSS, 6.3 AI score, 0.03065 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2016/04/11 2:0 p.m., 71 views

CVE-2016-0712

CVE-2016-0712 is a cross-site scripting (XSS) vulnerability in Apache Jetspeed, reported as exploitable via the URI path (PATH_INFO) when accessing Jetspeed portals (prior to 2.3.1). The core issue is improper validation of user-supplied input in the portal path, enabling remote attackers to inje...

6.1 CVSS, 6 AI score, 0.03203 EPSS
Exploits: 1, References: 2, Affected Software: 1

OpenVAS
added 2016/04/01 12:0 a.m., 14 views

Apache Jetspeed Detection

Detection of Apache Jetspeed Open Portal. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

7 AI score
Exploits: 0

OpenVAS
added 2016/04/01 12:0 a.m., 32 views

Apache Jetspeed Multiple Vulnerabilities (Mar 2016)

Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:jetspeed"; if...

9 CVSS, 6.8 AI score, 0.77495 EPSS
Exploits: 9, References: 2

0day.today
added 2016/03/31 12:0 a.m., 69 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecure...

9 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits: 7

Packet Storm
added 2016/03/31 12:0 a.m., 47 views

Apache Jetspeed Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

9 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits: 7

Exploit DB
added 2016/03/31 12:0 a.m., 75 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

8.1 AI score
Exploits: 0

Tenable Nessus
added 2016/03/28 12:0 a.m., 13 views

Apache Jetspeed Detection

Binary data apachejetspeeddetect.nbin...

7.3 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2016/03/28 12:0 a.m., 21 views

Apache Jetspeed Portal URI Path Reflected XSS

The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability in the /portal script due to improper validation of URI path input before returning it to the users. An unauthenticated, remote attacker can exploit this, via a specially...

6.1 CVSS, 7.1 AI score, 0.03203 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2016/03/28 12:0 a.m., 35 views

Apache Jetspeed User Manager Service SQLi

The Apache Jetspeed application running on the remote host is affected by a SQL injection vulnerability in the User Manager service due to improper sanitization of user-supplied input to the 'user' and 'role' parameters. An unauthenticated, remote attacker can exploit this to inject SQL queries,...

8.8 CVSS, 8 AI score, 0.52351 EPSS
Exploits: 5, References: 2

Metasploit
added 2016/03/24 12:22 a.m., 73 views

Apache Jetspeed Arbitrary File Upload

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...

8.8 CVSS, 7.8 AI score, 0.77495 EPSS
Exploits: 7

CNVD
added 2016/03/16 12:0 a.m., 4 views

Apache Jetspeed Cross-Site Scripting Vulnerability (CNVD-2016-01717)

Jetspeed is an open portal platform and enterprise information portal from the Apache Software Foundation (United States), developed using Java and XML. A cross-site scripting vulnerability exists in Jetspeed versions 2.2.0 through 2.2.2, which stems from the program allowing HTML tags ...

6.1 CVSS, 6 AI score, 0.03065 EPSS
Exploits: 1, References: 1

CNVD
added 2016/03/16 12:0 a.m., 6 views

Apache Jetspeed Cross-Site Scripting Vulnerability

Jetspeed is an open portal platform and enterprise information portal from the Apache Software Foundation (United States), developed using Java and XML. A cross-site scripting vulnerability exists in Jetspeed versions 2.2.0 through 2.2.2. The vulnerability can be exploited to inject...

6.1 CVSS, 6 AI score, 0.03203 EPSS
Exploits: 1, References: 1

seebug.org
added 2016/03/15 12:0 a.m., 19 views

Apache Jetspeed Stored Cross-Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2016/03/14 12:0 a.m., 16 views

Apache Jetspeed Cross-Site Scripting Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

myhack58
added 2016/03/10 12:0 a.m., 27 views

Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis

As one of the projects in my personal “friendship detect open source software security” series, I'm ready to play with Apache Jetspeed 2, version v2.3.0. Jetspeed, in its own words, is: “An open portal platform and enterprise information portal, completely based on open standards,...

0.3 AI score
Exploits: 0

CNVD
added 2016/03/09 12:0 a.m., 11 views

Apache Jetspeed Directory Traversal Vulnerability

Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, through XSL technology, organize the data into JSP or HTML pages for the client; Jetspeed also supports templates and content publishing...

9 CVSS, 7.3 AI score, 0.77495 EPSS
Exploits: 7, References: 1

CNVD
added 2016/03/09 12:0 a.m., 10 views

Apache Jetspeed User Management REST API Unauthorized Access Vulnerability

Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, through XSL technology, organize the data into JSP or HTML pages for the client; Jetspeed also supports templates and content publishing...

8.8 CVSS, 6.8 AI score, 0.52351 EPSS
Exploits: 5, References: 1