
15 matches found

exploitpack
added 2017/03/27 12:0 a.m. | 79 views

Nuxeo 6.07.17.27.3 - Remote Code Execution (Metasploit)

Nuxeo 6.07.17.27.3 - Remote Code Execution Metasploit =begin Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform...

6.5 CVSS | 9.1 AI score | 0.02599 EPSS
Exploits: 7
Packet Storm
added 2017/03/24 12:0 a.m. | 77 views

Nuxeo Platform 6.x / 7.x Shell Upload

Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By crafting the upload request with a specific X-File-Name...

8.8 AI score | 0.02599 EPSS
Exploits: 7
Tenable Nessus
added 2015/05/21 12:0 a.m. | 44 views

Websense TRITON 7.8 Source Code Disclosure

The version of Websense TRITON running on the remote web server contains a flaw in handling a JSP script request having an appended double quote character. This causes the source code of the script to be returned instead of it being executed. An unauthenticated, remote attacker can exploit this...

5.7 AI score
Exploits: 0 | References: 2
exploitpack
added 2015/03/13 12:0 a.m. | 36 views

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

9 CVSS | 0.2 AI score | 0.23191 EPSS
Exploits: 2
Positive Technologies
added 2013/09/20 12:0 a.m. | 2 views

PT-2013-65: Sensitive Information Disclosure in Jetty

The specialists of the Positive Research center have detected a Sensitive Information Disclosure vulnerability in Jetty on Windows. The system does not consider that NTFS allows users to address files with extended syntax, while matching the requested resource URL with locations defined in web...

5 CVSS | 7.2 AI score
Exploits: 0 | References: 3
Zero Day Initiative
added 2011/04/28 12:0 a.m. | 74 views

Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability

This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache...

7.5 CVSS | 3.2 AI score | 0.02518 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2011/01/28 12:0 a.m. | 58 views

Crystal Reports Server InfoView logonAction Parameter XSS

The InfoView component included with the Crystal Reports Server install on the remote host contains a JSP script that fails to sanitize user input to the 'logonAction' parameter of its 'logon.jsp' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to...

5.7 AI score
Exploits: 0 | References: 3
NVD
added 2011/01/19 4:0 p.m. | 19 views

CVE-2010-3600

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...

7.5 CVSS | 6.1 AI score | 0.76971 EPSS
Exploits: 4 | References: 9
Prion
added 2011/01/19 4:0 p.m. | 18 views

Code injection

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...

7.5 CVSS | 6.7 AI score | 0.76971 EPSS
Exploits: 4 | References: 9 | Affected Software: 2
Cvelist
added 2011/01/19 3:0 p.m. | 22 views

CVE-2010-3600

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...

6.1 AI score | 0.76971 EPSS
Exploits: 4 | References: 9
Zero Day Initiative
added 2011/01/18 12:0 a.m. | 35 views

Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The...

10 CVSS | 1.3 AI score | 0.76971 EPSS
Exploits: 4 | References: 1
Tenable Nessus
added 2010/08/16 12:0 a.m. | 27 views

Oracle BPM Process Administrator tips.jsp context Parameter XSS

The Oracle Business Process Manager BPM Suite's Process Administrator running on the remote host contains a JSP script - 'webconsole/faces/faces/faces/jsf/tips.jsp' - that fails to sanitize user input to the 'context' parameter before using it to generate dynamic HTML output. An attacker may be...

4.3 CVSS | 5.7 AI score | 0.1617 EPSS
Exploits: 0 | References: 3
Check Point Advisories
added 2010/07/05 12:0 a.m. | 3 views

Symantec Backup Exec System Recovery Manager Unauthorized File Upload (CVE-2008-0457)

Symantec Backup Exec System Recovery Manager is a complete, disk-based system recovery solution for Microsoft Windows based servers, desktops, and laptops that allows businesses to recover from system loss or disasters. A file upload vulnerability exists in the Symantec Backup Exec System Recover...

10 CVSS | 6.9 AI score | 0.29751 EPSS
Exploits: 3
seebug.org
added 2010/06/25 12:0 a.m. | 102 views

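InterScan Web Security Virtual Appliance Local Privilege Escalation and Arbitrary File Upload/Download Vulnerabilities

BUGTRAQ ID: 41072 InterScan Web Security Virtual Appliance is a web filtering product that can be installed on the VMware platform. InterScan Web Security Virtual Appliance does not properly filter the exportname parameter submitted to /servlet/com.trend.iwss.gui.servlet.exportreport and the pkgname parameter submitted to /servlet/com.trend.iwss.gui.servlet.ConfigBackup, allowing remote attackers to download arbitrary files from the system via a directory traversal attack. InterScan W...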

6.9 AI score
Exploits: 0
CVE
added 2002/03/15 5:0 a.m. | 43 views

CVE-2001-1189

IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...

4.6 CVSS | 6.5 AI score | 0.00066 EPSS
Exploits: 0 | References: 3 | Affected Software: 1