28 matches found
EUVD-2000-1099
Malware in sbrugna...
EUVD-2009-0442
Malware in sbrugna...
EUVD-2016-0335
Malware in sbrugna...
GHSA-MJV2-6JV4-VRG7 OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting
Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information...
Maggioli SpA Appalti & Contratti security vulnerability
Maggioli SpA Appalti & Contratti is a modular platform of Maggioli SpA. It consists of several integrated web applications to support Italian public administrations in the computerization and telematics management of their processes. A security vulnerability exists in Maggioli SpA Appalti &...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple parameters such as setName, webappType, httpPort, dsName, description, phase, and url in different JSP pages. An attacker can inject arbitrary web script or HTML by sending crafted input to these...
Directory Traversal
Jetty is vulnerable to directory traversal. A remote attacker is able to retrieve contents of JSP pages via URL-encoded backslash character %5C...
Security Bulletin: Improper Input Validation in IBM TRIRIGA Application Platform (CVE-2016-0300)
Summary: The IBM TRIRIGA Application Platform has a security flaw that could grant unauthenticated access into all JSP pages within the application structure under certain circumstances with the right criteria, which may allow for subsequent probing and exploitation. Vulnerability Details: CVEID:...
Input validation
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412...
CVE-2016-0300
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 might allow remote attackers to access arbitrary JSP pages via vectors related to improper input validation. IBM X-Force ID: 111412...
Provide HTTP headers for the content that absolutely must not be cached on the client
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-29598. We have to provide the following HTTP headers in all responses containing sensitive content: Cache-control: no-store Pragma:...
Oracle WebLogic JSP Pages Unspecified Information Disclosure (CVE-2008-2580)
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified information disclosure vulnerability in JSP pages...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
CVE-2009-5000
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages...
Hewlett-Packard OVPI helpmanager Servlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Hewlett-Packard Performance Insight. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the helpmanager servlet running on the...
CVE-2009-0613
Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 allows remote authenticated Auditor and Report Only users to bypass intended permission settings, and modify the system configuration, via requests to unspecified JSP pages...
Authorization
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412...
IBM WebSphere Application Server 7.0 < Fix Pack 1
IBM WebSphere Application Server 7.0 before Fix Pack 1 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities. - The PerfServlet code writes sensitive information in the 'systemout.log' and ffdc files, provided Performance Monitoring Infrastructur...
Debian Security Advisory DSA 225-1 (tomcat4)
The remote host is missing an update to tomcat4 announced via advisory DSA 225-1. OpenVAS Vulnerability Test $Id: deb2251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 225-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...