Lucene search
K

103 matches found

UbuntuCve
UbuntuCve
added 2012/07/17 10:55 p.m.23 views

CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

6.4CVSS5.9AI score0.01648EPSS
Exploits0References1
CVE
CVE
added 2012/07/17 10:0 p.m.71 views

CVE-2011-4358

CVE-2011-4358 affects Oracle GlassFish Server (3.0.1/3.1.1) via a JSF-related expression evaluation flaw that can allow remote attackers to affect confidentiality and integrity. The OpenVAS entry labels this as an Oracle GlassFish Server Expression Evaluation Security Bypass vulnerability (CVSS ~...

6.4CVSS5.9AI score0.01648EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2012/07/17 10:0 p.m.28 views

CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

5.8AI score0.01648EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2012/07/17 10:0 p.m.34 views

CVE-2011-4358

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...

6.4CVSS6.2AI score0.01648EPSS
Exploits0
seebug.org
seebug.org
added 2011/11/22 12:0 a.m.25 views

IBM WebSphere Application Server JSF应用请求处理信息泄露漏洞

CVE ID:CVE-2011-1368 IBM WebSphere Application Server WAS是由IBM遵照开放标准,例如Java EE, XML 还有Web Services,开发并发行的一种应用服务器。 WebSphere Application Server允许远程攻击者获得敏感信息,问题是由于不正确处理JSF应用请求,远程攻击者可未授权查看主机系统上的文件。 IBM WebSphere Application Server 8.0.x 厂商解决方案 IBM WebSphere Application Server 8.0.0 Fix Pack 1...

5CVSS6.6AI score0.01931EPSS
Exploits1
OpenVAS
OpenVAS
added 2011/11/03 12:0 a.m.20 views

IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability

The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasjsfinfodisclosurevuln.nasl 7024 2017-08-30 11:51:43Z teissa $ IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability...

5CVSS6.1AI score0.01931EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2011/11/03 12:0 a.m.18 views

IBM WebSphere Application Server 8.x < 8.0.0.1 Information Disclosure Vulnerability

IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS6.2AI score0.01931EPSS
Exploits1References5
Cvelist
Cvelist
added 2011/10/29 10:0 a.m.24 views

CVE-2011-1368

The JavaServer Faces JSF application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors...

6.3AI score0.01931EPSS
Exploits1References3
CVE
CVE
added 2011/10/29 10:0 a.m.60 views

CVE-2011-1368

Summary: CVE-2011-1368 affects IBM WebSphere Application Server 8.x prior to 8.0.0.1, where the JSF request handling could allow remote attackers to read unspecified files via unknown vectors (information disclosure). What’s affected: IBM WebSphere Application Server 8.x with the JSF component be...

5CVSS6.4AI score0.01931EPSS
Exploits1References3Affected Software1
ThreatPost
ThreatPost
added 2011/06/30 9:48 p.m.8 views

Joint Strike Fighter hack

The Department of Defense’s costliest weapons program ever was allegedly no match for hackers as spies broke into the Pentagon’s $300 billion Joint Strike Fighter JSF project in 2007. Details continue to be scarce to this day but former U.S. officials claim the attacks can be traced back to China...

1.3AI score
Exploits0References3
Fedora
Fedora
added 2011/06/15 5:46 a.m.30 views

[SECURITY] Fedora 13 Update: jabberd-2.2.11-4.fc13

The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...

7.5CVSS2.2AI score0.03659EPSS
Exploits0
seebug.org
seebug.org
added 2010/07/29 12:0 a.m.148 views

JBoss Seam参数化EL表达式远程代码执行漏洞

BUGTRAQ ID: 41994 CVECAN ID: CVE-2010-1871 JBoss Seam是一个Java EE5框架,把JSF与EJB3.0组件合并在一起,从而为开发基于Web的企业应用程序提供一个最新的模式。 JBoss Seam处理某些参数化JBoss EL表达式的方式存在输入过滤漏洞。如果远程攻击者能够诱骗通过认证的JBoss Seam用户访问特制的网页,就可能导致执行任意代码。 JBoss Seam 2.0.2 SP1 JBoss Seam 2.0.2 JBoss Seam 2.0 厂商补丁: RedHat ------...

6.8CVSS1.3AI score0.83397EPSS
Exploits8
Prion
Prion
added 2009/11/23 5:30 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...

4.3CVSS5.9AI score0.01982EPSS
Exploits0References8Affected Software2
NVD
NVD
added 2009/11/23 5:30 p.m.21 views

CVE-2009-4052

Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...

4.3CVSS5.6AI score0.01982EPSS
Exploits0References8
Cvelist
Cvelist
added 2009/11/23 5:0 p.m.26 views

CVE-2009-4052

Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...

5.6AI score0.01982EPSS
Exploits0References8
OSV
OSV
added 2009/05/06 4:30 p.m.6 views

UBUNTU-CVE-2009-1553

Multiple cross-site scripting XSS vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to 1 applications/applications.jsf, 2 configuration/configuration.jsf, 3 customMBeans/customMBeans.jsf, ...

4.3CVSS5.8AI score0.08199EPSS
Exploits1References2
NVD
NVD
added 2008/06/18 7:41 p.m.26 views

CVE-2008-2751

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

4.3CVSS5.7AI score0.04376EPSS
Exploits0References4
Prion
Prion
added 2008/03/11 5:44 p.m.30 views

Cross site scripting

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

4.3CVSS5.8AI score0.02537EPSS
Exploits1References14Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/06/19 12:0 a.m.146 views

Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS

The remote web server uses an implementation of the Apache MyFaces Tomahawk JSF framework that fails to sanitize user-supplied input to the 'autoScroll' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrar...

4.3CVSS5.8AI score0.44453EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/06/18 10:0 a.m.27 views

CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

5.8AI score0.44453EPSS
Exploits0References7
Rows per page
Query Builder