11 matches found
EUVD-2002-2121
Malware in sbrugna...
CVE-2023-1663
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
Design/Logic Flaw
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
CVE-2023-1663 Authenticated Resources Accessible via Forced Browsing
Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and i...
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution
ManageEngine Desktop Central - FileStorage getChartImage Deserialization Unauthenticated Remote Code Execution !/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download:...
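TRS (IDS old and new versions) design flaw (XXE / user information disclosure, including passwords, etc.)
Brief description: TRS IDS design flaw, XXE / user information disclosure including passwords. I haven't posted a vulnerability in a long time; I suddenly came back to take a look and found that the vulnerability submission page has changed. Detailed description: First, let's look at the web.xml configuration file: ServiceServlet com.trs.idm.admin.service.ServiceServlet ServiceServlet /service Following into ServiceServlet: protected void serviceHttpServletRequest request, HttpServletResponse response throws ServletException, IOExceptio...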
SAP DevInfPage - Security Bypass
Application: SAP NetWeaver J2EE Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 25.09.2012 Vendor response: 26.09.2013 Date of Public Advisory: 09.07.2013 Reference: SAP Security Note 1831053 Author: Dmitry Chastukhin ERPScan Descripti...
Apache Tomcat /servlet Mapping XSS
Apache Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. By using the /servlet/ mapping to invoke various servlets / classes it is possible to cause Tomcat to throw an exception, allowing XSS attacks...
Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting
source: https://www.securityfocus.com/bid/5193/info A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft Windows and Linux platforms. Reportedly, it is possible for an attacker to launch a cross site scripting attack. When servlet mapping is enabled, it is possible to invoke...
Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting
Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting source: https://www.securityfocus.com/bid/5193/info A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft Windows and Linux platforms. Reportedly, it is possible for an attacker to launch a cross site scripting attack. Wh...