Lucene search
K

43 matches found

Prion
Prion
added 2016/07/21 10:13 a.m.10 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs...

9.4CVSS6.1AI score0.03956EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2016/07/21 10:0 a.m.5 views

CVE-2016-3546

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs...

5.9AI score0.03956EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/07/21 10:0 a.m.19 views

CVE-2016-3546

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs...

8.1AI score0.03956EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/18 12:0 a.m.319 views

Apache ActiveMQ Web Console Missing X-Frame-Options Clickjacking

The version of Apache ActiveMQ running on the remote host is affected by a clickjacking vulnerability in the web-based administration console due to not setting the X-Frame-Options header in HTTP responses. A remote attacker can exploit this to trick a user into executing administrative tasks. No...

6.1CVSS6.8AI score0.08323EPSS
Exploits0References4
securityvulns
securityvulns
added 2015/10/25 12:0 a.m.70 views

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access

ERPSCAN Research Advisory ERPSCAN-15-017 SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response: 21.04.2013...

0.3AI score
Exploits0
CNVD
CNVD
added 2015/09/27 12:0 a.m.25 views

Apache Struts Cross-Site Scripting Vulnerability

Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts suffers from a cross-site scripting vulnerability when the JSP is directly accessible, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be...

6.1CVSS8.8AI score0.05618EPSS
Exploits0References1
myhack58
myhack58
added 2015/07/24 12:0 a.m.22 views

SysAid Help Desk Administrator Portal Arbitrary File Upload-vulnerability warning-the black bar safety net

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...

7.2AI score0.49791EPSS
Exploits9
NVD
NVD
added 2014/06/18 4:55 p.m.23 views

CVE-2014-3012

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

3.5CVSS6.6AI score0.00951EPSS
Exploits0References3
Prion
Prion
added 2014/06/18 4:55 p.m.13 views

Crlf injection

Multiple CRLF injection vulnerabilities in IBM Curam Social Program Management 5.2 SP1 through 6.0.5.4 allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters to custom JSPs...

3.5CVSS7.1AI score0.00951EPSS
Exploits0References3Affected Software1
erpscan
erpscan
added 2013/04/20 12:0 a.m.20 views

SAP NetWeaver J2EE DAS service - Unauthorized Access

Application: SAP NetWeaver JAVA Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.07.2015 Reference: SAP Security Note 1945215 Authors: Alexander Polyakov ERPScan VULNERABILITY INFORMATION Class: Unauthorized Acce...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2011/06/14 5:27 a.m.18 views

Admin JSPs don't have XSRF protection

As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/06/14 5:27 a.m.18 views

Admin JSPs don't have XSRF protection

As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2011/06/14 5:27 a.m.22 views

Admin JSPs don't have XSRF protection

As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...

2.4AI score
Exploits0
Atlassian
Atlassian
added 2010/04/22 5:52 a.m.19 views

XSS vulnerability in some JSPs under admin section

Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 5:52 a.m.15 views

XSS vulnerability in some JSPs under admin section

Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/04/22 5:52 a.m.23 views

XSS vulnerability in some JSPs under admin section

Several JSPs found under the admin section of Confluence have been found to be vulnerable to XSS attacks. This issue corrects those problems. This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/ZILmD for information on other security related issues and more information on...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2010/04/16 4:34 a.m.28 views

Miscellaneous support-related JSPs contain XSS holes

JIRA contains a number of support related JSPs that have been added over the years. They were mostly for fighting spam and other support related tasks. Unfortunately none of these were ever tested very much and contain a lot of XSS holes. They are: groupnames.jsp indexbrowser.jsp...

1.2AI score
Exploits0Affected Software1
Fedora
Fedora
added 2009/05/26 7:55 a.m.39 views

[SECURITY] Fedora 9 Update: jetty-5.1.15-3.fc9

Jetty is a 100% Java HTTP Server and Servlet Container. This means that you do not need to configure and run a separate web server like Apache in order to use java, servlets and JSPs to generate dynamic content. Jetty is a fully featured web server for static and dynamic content. Unlike separate...

5CVSS0.5AI score0.25802EPSS
Exploits0
NVD
NVD
added 2008/12/10 12:30 a.m.18 views

CVE-2008-5412

Unspecified vulnerability in IBM WebSphere Application Server WAS 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438...

10CVSS6.1AI score0.02266EPSS
Exploits0References6
Prion
Prion
added 2008/12/10 12:30 a.m.19 views

Code injection

Unspecified vulnerability in IBM WebSphere Application Server WAS 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438...

10CVSS6.5AI score0.02266EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder