CVE-2016-0710
CVE-2016-0710 is a SQL injection vulnerability in the Apache Jetspeed User Manager service. It allows remote attackers to manipulate the back-end database by injecting SQL through the (1) role or (2) user parameter to services/usermanager/users/ in Jetspeed before 2.3.1. Public references in the conne...
CVE-2016-0709
CVE-2016-0709 is a directory traversal vulnerability in the Apache Jetspeed Portal Site Manager Import/Export function. An authenticated administrator could craft a ZIP archive containing dot-dot sequences to place arbitrary files (e.g., a JSP) on disk, enabling remote code execution. Affected ve...
CVE-2016-0711
Apache Jetspeed is vulnerable to cross-site scripting via the title field when adding a link, page, or folder, due to insufficient validation of user input. A remote attacker could inject scripts into pages viewed by users, potentially executing in the browser and, per IBM advisory, may enable th...
CVE-2016-0712
CVE-2016-0712 is a cross-site scripting (XSS) vulnerability in Apache Jetspeed, reported as exploitable via the URI path (PATH_INFO) when accessing Jetspeed portals (prior to 2.3.1). The core issue is improper validation of user-supplied input in the portal path, enabling remote attackers to inje...
Apache Jetspeed Detection
Detection of Apache Jetspeed Open Portal. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
Apache Jetspeed Multiple Vulnerabilities (Mar 2016)
Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...
Apache Jetspeed - Arbitrary File Upload (Metasploit)
Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecure...
Apache Jetspeed Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...
Apache Jetspeed - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...
Apache Jetspeed Detection
Binary data apachejetspeeddetect.nbin...
Apache Jetspeed Portal URI Path Reflected XSS
The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability in the /portal script due to improper validation of URI path input before returning it to the users. An unauthenticated, remote attacker can exploit this, via a specially...
Apache Jetspeed User Manager Service SQLi
The Apache Jetspeed application running on the remote host is affected by a SQL injection vulnerability in the User Manager service due to improper sanitization of user-supplied input to the 'user' and 'role' parameters. An unauthenticated, remote attacker can exploit this to inject SQL queries,...
Apache Jetspeed Arbitrary File Upload
This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...
Apache Jetspeed Cross-Site Scripting Vulnerability (CNVD-2016-01717)
Jetspeed is an open portal platform and enterprise information portal from the Apache Software Foundation (United States), developed using Java and XML. A cross-site scripting vulnerability exists in Jetspeed versions 2.2.0 through 2.2.2, which stems from the program allowing HTML tags ...
Apache Jetspeed Cross-Site Scripting Vulnerability
Jetspeed is an open portal platform and enterprise information portal from the Apache Software Foundation (United States), developed using Java and XML. A cross-site scripting vulnerability exists in Jetspeed versions 2.2.0 through 2.2.2. The vulnerability can be exploited to inject...
Apache Jetspeed Stored Cross-Site Scripting Vulnerability
No description provided by source...
Apache Jetspeed Cross-Site Scripting Vulnerability
No description provided by source...
Apache Jetspeed Portal 2.3.0 and earlier versions: a remote code execution vulnerability analysis
As one of the projects in my personal “friendly open source software security testing” effort, I decided to play with Apache Jetspeed 2, specifically v2.3.0. Jetspeed, in its own words, is: “An open portal platform and enterprise information portal, completely based on open standards,...
Apache Jetspeed Directory Traversal Vulnerability
Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, through XSL, organize the data into JSP or HTML pages delivered to the client; Jetspeed also supports templates and content publishing...
Apache Jetspeed User Management REST API Unauthorized Access Vulnerability
Jetspeed is an open source enterprise information portal implementation based on Java and XML. Jetspeed can integrate a variety of data sources and, through XSL, organize the data into JSP or HTML pages delivered to the client; Jetspeed also supports templates and content publishing...