Lucene search
K

21 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-17216

Malware in sbrugna...

10CVSS9.5AI score0.02146EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-9090

Malware in sbrugna...

10CVSS9.5AI score0.02906EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.10 views

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...

9.8CVSS7.2AI score0.02512EPSS
Exploits1
Cvelist
Cvelist
added 2025/03/11 12:0 a.m.14 views

CVE-2024-51319

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...

0.0043EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2025/02/21 12:19 a.m.29 views

USN-7282-1: tomcat7 vulnerabilities

It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code...

8.1CVSS8AI score0.99988EPSS
Exploits27
CVE
CVE
added 2025/02/21 12:0 a.m.89 views

CVE-2025-25766

CVE-2025-25766 affects MRCMS v3.1.2 in the /file/savefile.do endpoint, where an arbitrary file upload vulnerability allows an attacker to execute arbitrary code by uploading a crafted .jsp file. This is documented across multiple sources (NVD, Red Hat, OSV, CVE listing, PT-2025-7572 highlights th...

4.8CVSS7.4AI score0.00296EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.6 views

PT-2022-5907 · Schneider Electric · Apc Easy Ups Online Monitoring +1

Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...

10CVSS9.6AI score0.01071EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2021/06/11 12:0 a.m.4 views

PT-2021-3504

Name of the Vulnerable Software and Affected Versions OpenPLC ScadaBR versions through 0.9.1 on Linux OpenPLC ScadaBR versions through 1.12.4 on Windows Description The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue involves...

8.8CVSS7.3AI score0.4805EPSS
Exploits9References28
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.57 views

SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...

8.1CVSS7.4AI score0.99988EPSS
Exploits38References10
Packet Storm
Packet Storm
added 2019/01/10 12:0 a.m.179 views

Adobe Coldfusion 11 CKEditor Arbitrary File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion CKEditor unrestricted file upload', 'Description' = %q A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 Update...

10CVSS0.2AI score0.9995EPSS
Exploits11
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.31 views

Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4

Summary Unrestricted file upload vulnerability in Apache Tomcat which is shipped with WASCE 3.0.0.4, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. Vulnerability...

6.8CVSS0.7AI score0.1399EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/04/27 4:29 a.m.18 views

CVE-2018-10469

b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...

9.8CVSS9.8AI score0.02157EPSS
Exploits1References1
Prion
Prion
added 2018/04/27 4:29 a.m.17 views

Design/Logic Flaw

b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...

7.5CVSS9.7AI score0.02157EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2018/02/05 10:27 a.m.83 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS7AI score0.99988EPSS
Exploits28References6
Mageia
Mageia
added 2017/11/02 9:47 p.m.67 views

Updated tomcat packages fix security vulnerability

When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...

8.1CVSS1.6AI score0.99988EPSS
Exploits23References3
Amazon
Amazon
added 2017/10/26 12:0 a.m.125 views

Important: tomcat8, tomcat80, tomcat7

Issue Overview: A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. CVE-2017-12617 Affected Packages: tomcat8, tomcat80, tomcat7...

8.1CVSS8.1AI score0.99988EPSS
Exploits23
Tenable Nessus
Tenable Nessus
added 2017/10/11 12:0 a.m.718 views

Apache Tomcat 7.0.0 < 7.0.82

The version of Tomcat installed on the remote host is prior to 7.0.82. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.82security-7 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...

8.1CVSS7.8AI score0.99988EPSS
Exploits23References6
Tenable Nessus
Tenable Nessus
added 2017/10/06 12:0 a.m.351 views

Apache Tomcat 8.0.0.RC1 < 8.0.47

The version of Tomcat installed on the remote host is prior to 8.0.47. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.47security-8 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...

8.1CVSS7.8AI score0.99988EPSS
Exploits23References3
Vulnrichment
Vulnrichment
added 2017/10/03 3:0 p.m.27 views

CVE-2017-12617

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...

7.3AI score0.99988EPSS
Exploits23References44
Cvelist
Cvelist
added 2013/09/13 6:0 p.m.28 views

CVE-2013-4812

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code vi...

7.5AI score0.51903EPSS
Exploits10References4
Rows per page
Query Builder