23 matches found
CVE-2026-8758
CVE-2026-8758 affects Metasoft MetaCRM up to version 6.4.0 Beta06. The issue lies in an unspecified function within /common/jsp/upload3.jsp where manipulating the File argument can trigger an unrestricted upload. The vulnerability can be exploited remotely, and public exploit activity has been ob...
PT-2026-1780
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8. Description: A security flaw exists in Sangfor Operation and Maintenance Management System. The issue involves unrestricted file upload due to manipulation of the File...
CVE-2025-15420 Yonyou KSOA agent_work_report.jsp SQL injection
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agentworkreport.jsp. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...
CVE-2025-63735
A reflected cross-site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp...
EUVD-2015-6877
Malware in sbrugna...
EUVD-2000-1220
Malware in sbrugna...
EUVD-2015-6876
Malware in sbrugna...
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious JSP. This issue affec...
CVE-2025-3037
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be...
CVE-2023-40276
An issue was discovered in OpenClinic GA 5.247.01. An Unauthenticated File Download vulnerability has been discovered in pharmacy/exportFile.jsp...
Vulnerability fixed in Tomcat
Two vulnerabilities have been discovered in the Tomcat servlet and the JSP engine, which could lead to information disclosure or denial of service. -= Debian =- Debian has made updates to tomcat9 available for Debian 10.0 Buster to address the vulnerabilities. You can install the custom packages ...
UF A6 /yyoa/assess/js/initDataAssess.jsp information disclosure
No description provided by source...
RedHat Update for tomcat RHSA-2015:0983-01
The remote host is missing an update for the Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
No description provided by source. %@ page import=java.util.,java.io.% % % %-- abysssec inc public material just upload this file with abysssec.jsp and execute your command your command will run as administrator . you can download sam file add user or do anything you want . note : please be gentl...
Apache Tomcat (Windows) - runtime.getRuntime().exec() Local Privilege Escalation
Apache Tomcat Windows - runtime.getRuntime.exec Local Privilege Escalation Abysssec inc abysssec.com JSP vulnerability JSP Privilege Escalation Vulnerability PoC "; Process p = Runtime.getRuntime.execrequest.getParameter"cmd"; OutputStream os = p.getOutputStream; InputStream in = p.getInputStream...
BEA WebLogic SSIServlet Invocation Source Code Disclosure
BEA WebLogic may be tricked into revealing the source code of JSP scripts by prefixing the path to the .jsp files by /.shtml/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. This script is based on BEAweblogicRevealsourcecode.nasl Script audit and contributions from Carmichael Security Erik...
Important: Red Hat Security Advisory: tomcat security update for Stronghold
Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...
Apache Tomcat 4.1 - JSP Request Cross-Site Scripting
source: https://www.securityfocus.com/bid/5542/info Jakarta Tomcat is a Java Servlet and JSP server produced by the Apache Software Foundation. Tomcat is available for Microsoft Windows, Linux, and other Unix based operating systems. A cross site scripting vulnerability has been reported in some...
Oracle JSP Apache/Jserv Path Translation Arbitrary JSP File Execution
Detects Vulnerability in the execution of JSPs outside docroot. A potential security vulnerability has been discovered in Oracle JSP releases 1.0.x through 1.1.1 in Apache/Jserv. This vulnerability permits access to and execution of unintended JSP files outside the docroot in Apache/Jserv. For...
CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack...