
16 matches found

CISA KEV Catalog
added 2025/07/01 12:0 a.m. · 8 views

TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

CVSS 4 · AI score 7.3 · EPSS 0.08289
In wild · Exploits 0
Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23111 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the TeleMessage service, which is based on a JSP application. In this application, the heap content is similar to a "core dump", where a password previously sent over HTTP...

CVSS 4 · AI score 9.4 · EPSS 0.08289
Exploits 0 · References 12
EUVD
added 2025/05/28 12:0 a.m. · 1 views

EUVD-2025-16214

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

CVSS 4 · AI score 6.4 · EPSS 0.08289
Exploits 0 · References 3
VulnCheck KEV
added 2025/05/28 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2025-48928

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

CVSS 4 · AI score 5.8 · EPSS 0.08289
Exploits 0 · References 1
Cvelist
added 2025/05/28 12:0 a.m. · 9 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

CVSS 4 · EPSS 0.08289
Exploits 0 · References 1
seebug.org
added 2017/12/29 12:0 a.m. · 37 views

ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

AI score 7.6
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Sun ONE Application Server 7.0 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site...

AI score 7.1
Exploits 0
Packet Storm
added 2014/02/01 12:0 a.m. · 296 views

Apache Tomcat Manager Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache.Coyote|Tomcat/ CSRFVAR = 'CSRFNONCE=' include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo =...

CVSS 10 · AI score 8.8 · EPSS 0.87831
Exploits 24
seebug.org
added 2013/02/28 12:0 a.m. · 33 views

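Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability

Bugtraq ID: 58124 Apache Tomcat is an open-source JSP application server. The log/logdir log files created by Apache Tomcat are world-readable, and a local attacker can exploit the vulnerability to obtain sensitive information. 0 Apache Tomcat Vendor solution: No detailed solution is currently available: http://tomcat.apache.org...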

AI score 7.1
Exploits 0
Metasploit
added 2013/01/31 5:23 a.m. · 111 views

Apache Tomcat Manager Application Deployer Authenticated Code Execution

This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is no...

CVSS 10 · AI score 7.1 · EPSS 0.87831
Exploits 24
Exploit DB
added 2010/12/14 12:0 a.m. · 272 views

Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)

$Id: tomcatmgrdeploy.rb 11330 2010-12-14 17:26:44Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score 6.9
Exploits 0
Packet Storm
added 2010/02/19 12:0 a.m. · 161 views

Apache Tomcat Manager Application Deployer Upload and Execute

$Id: tomcatmgrdeploy.rb 8552 2010-02-18 18:18:43Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

CVSS 10 · AI score 9.5 · EPSS 0.86831
Exploits 11
Tenable Nessus
added 2009/09/15 12:0 a.m. · 19 views

Orion Application Server Web Examples Multiple XSS

The remote web server uses Orion Application Server, an application server hosted on a Java2 platform. It currently makes available at least one example JSP application that fails to sanitize user-supplied input before using it to generate dynamic HTML output. Specifically, the 'item' parameter o...

AI score 5.6
Exploits 0 · References 2
Tenable Nessus
added 2008/12/15 12:0 a.m. · 22 views

Sun Java System Identity Manager Detection

Sun Java System Identity Manager, an enterprise tool for identity management, is installed on the remote web server. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid35104; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/12";...

AI score 5.5
Exploits 0 · References 1
seebug.org
added 2007/08/08 12:0 a.m. · 39 views

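Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability

CVE ID: CVE-2007-3384 CNCVE ID: CNCVE-20073384 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat does not properly filter user-submitted URI data, and a remote attacker can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. When reporting error messages, Tomcat does not properly filter user-supplied data before displaying it, which can lead to cross-site scripting; an attacker who lures a user into visiting can obtain sensitive information. Apache Software Foundation Tomcat 3.3.2 Apache Software Foundation Tomcat 3.3.1 a Apache Softwar...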

CVSS 4.3 · AI score 6.5 · EPSS 0.06422
Exploits 1
Tenable Nessus
added 2007/06/18 12:0 a.m. · 2981 views

Apache Tomcat snoop.jsp URI XSS

The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to...

CVSS 4.3 · AI score 5.5 · EPSS 0.4909
Exploits 1 · References 2