103 matches found
CVE-2011-4358
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...
CVE-2011-4358
CVE-2011-4358 affects Oracle GlassFish Server (3.0.1/3.1.1) via a JSF-related expression evaluation flaw that can allow remote attackers to affect confidentiality and integrity. The OpenVAS entry labels this as an Oracle GlassFish Server Expression Evaluation Security Bypass vulnerability (CVSS ~...
CVE-2011-4358
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...
CVE-2011-4358
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF...
IBM WebSphere Application Server JSF应用请求处理信息泄露漏洞
CVE ID:CVE-2011-1368 IBM WebSphere Application Server WAS是由IBM遵照开放标准,例如Java EE, XML 还有Web Services,开发并发行的一种应用服务器。 WebSphere Application Server允许远程攻击者获得敏感信息,问题是由于不正确处理JSF应用请求,远程攻击者可未授权查看主机系统上的文件。 IBM WebSphere Application Server 8.0.x 厂商解决方案 IBM WebSphere Application Server 8.0.0 Fix Pack 1...
IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasjsfinfodisclosurevuln.nasl 7024 2017-08-30 11:51:43Z teissa $ IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability...
IBM WebSphere Application Server 8.x < 8.0.0.1 Information Disclosure Vulnerability
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2011-1368
The JavaServer Faces JSF application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors...
CVE-2011-1368
Summary: CVE-2011-1368 affects IBM WebSphere Application Server 8.x prior to 8.0.0.1, where the JSF request handling could allow remote attackers to read unspecified files via unknown vectors (information disclosure). What’s affected: IBM WebSphere Application Server 8.x with the JSF component be...
Joint Strike Fighter hack
The Department of Defense’s costliest weapons program ever was allegedly no match for hackers as spies broke into the Pentagon’s $300 billion Joint Strike Fighter JSF project in 2007. Details continue to be scarce to this day but former U.S. officials claim the attacks can be traced back to China...
[SECURITY] Fedora 13 Update: jabberd-2.2.11-4.fc13
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
JBoss Seam参数化EL表达式远程代码执行漏洞
BUGTRAQ ID: 41994 CVECAN ID: CVE-2010-1871 JBoss Seam是一个Java EE5框架,把JSF与EJB3.0组件合并在一起,从而为开发基于Web的企业应用程序提供一个最新的模式。 JBoss Seam处理某些参数化JBoss EL表达式的方式存在输入过滤漏洞。如果远程攻击者能够诱骗通过认证的JBoss Seam用户访问特制的网页,就可能导致执行任意代码。 JBoss Seam 2.0.2 SP1 JBoss Seam 2.0.2 JBoss Seam 2.0 厂商补丁: RedHat ------...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...
CVE-2009-4052
Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...
CVE-2009-4052
Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...
UBUNTU-CVE-2009-1553
Multiple cross-site scripting XSS vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to 1 applications/applications.jsf, 2 configuration/configuration.jsf, 3 customMBeans/customMBeans.jsf, ...
CVE-2008-2751
Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...
Cross site scripting
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS
The remote web server uses an implementation of the Apache MyFaces Tomahawk JSF framework that fails to sanitize user-supplied input to the 'autoScroll' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrar...
CVE-2007-3101
Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...