21 matches found
EUVD-2019-17216
Malware in sbrugna...
EUVD-2015-9090
Malware in sbrugna...
CVE-2021-44093
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
USN-7282-1: tomcat7 vulnerabilities
It was discovered that Tomcat incorrectly handled being configured with HTTP PUTs enabled. A remote attacker could use this issue to upload a JSP file to the server and execute arbitrary code...
CVE-2025-25766
CVE-2025-25766 affects MRCMS v3.1.2 in the /file/savefile.do endpoint, where an arbitrary file upload vulnerability allows an attacker to execute arbitrary code by uploading a crafted .jsp file. This is documented across multiple sources (NVD, Red Hat, OSV, CVE listing, PT-2025-7572 highlights th...
PT-2022-5907 · Schneider Electric · Apc Easy Ups Online Monitoring +1
Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...
PT-2021-3504
Name of the Vulnerable Software and Affected Versions OpenPLC ScadaBR versions through 0.9.1 on Linux OpenPLC ScadaBR versions through 1.12.4 on Windows Description The ScadaBR system, designed for data collection and process automation control, is affected by multiple issues. One issue involves...
SUSE SLES11 Security Update : tomcat6 (SUSE-SU-2021:14705-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14705-1 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g...
Adobe Coldfusion 11 CKEditor Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion CKEditor unrestricted file upload', 'Description' = %q A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 Update...
Security Bulletin: Security vulnerability about Apache Tomcat JSP file upload in WebSphere Application Server Community Edition 3.0.0.4
Summary Unrestricted file upload vulnerability in Apache Tomcat which is shipped with WASCE 3.0.0.4, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. Vulnerability...
CVE-2018-10469
b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...
Design/Logic Flaw
b3log Symphony aka Sym 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name parameter to the /upload URI...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update
An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Updated tomcat packages fix security vulnerability
When running with HTTP PUTs enabled e.g. via setting the readonly initialization parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
Important: tomcat8, tomcat80, tomcat7
Issue Overview: A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. CVE-2017-12617 Affected Packages: tomcat8, tomcat80, tomcat7...
Apache Tomcat 7.0.0 < 7.0.82
The version of Tomcat installed on the remote host is prior to 7.0.82. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat7.0.82security-7 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...
Apache Tomcat 8.0.0.RC1 < 8.0.47
The version of Tomcat installed on the remote host is prior to 8.0.47. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.0.47security-8 advisory. - When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81...
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled e.g. via setting the readonly initialisation parameter of the Default servlet to false it was possible to upload a JSP file to the server via a specially crafted...
CVE-2013-4812
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager IDM 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code vi...