63 matches found
EUVD-2000-1040
Malware in sbrugna...
EUVD-2012-2547
Malware in sbrugna...
EUVD-2017-5617
Malware in sbrugna...
EUVD-2017-16453
Malware in sbrugna...
EUVD-2015-7802
Malware in sbrugna...
EUVD-2012-3325
Malware in sbrugna...
CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2013-5534
Directory traversal vulnerability in the attachment service in the Voice Message Web Service aka VMWS or Cisco Unity Web Service in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not ...
CVE-2022-34269
An issue was discovered in RWS WorldServer before 11.7.3. An authenticated, remote attacker can perform a ws-legacy/loaddtd?systemid= blind SSRF attack to deploy JSP code to the Apache Axis service running on the localhost interface, leading to command execution...
ServiceTonic Arbitrary File Upload Vulnerability
ServiceTonic is an ITIL-compliant service desk and enterprise service software. serviceTonic versions prior to 9.0.35937 have an arbitrary file upload vulnerability in the service import feature. An attacker could exploit the vulnerability to execute JSP code by uploading a zip file that extracts...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
Design/Logic Flaw
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2021-28023
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths...
CVE-2020-26806
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
Design/Logic Flaw
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
CVE-2020-26806
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code...
CVE-2021-34427
A flaw was found in eclipse-birt. An attacker can use query parameters to create a JSP file which is accessible from remote current BIRT viewer dir to inject JSP code into the running instance. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2021-21480
SAP MII allows users to create dashboards and save them as JSP through the SSCE Self Service Composition Environment. An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAPXMII...