196 matches found

NVD
added 2017/12/09 6:29 a.m., 21 views

CVE-2017-11296

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager...

CVSS 6.1, AI score 6, EPSS 0.01471
Exploits 0, References 3

CVE
added 2017/12/09 6:00 a.m., 54 views

CVE-2017-11296

CVE-2017-11296 affects Adobe Experience Manager 6.0–6.3 via a cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20. The root cause is improper input handling in that component, allowing a browser-based XSS attack. The vulnerability has been resolved in AEM; exploitation status ...

CVSS 6.1, AI score 5.9, EPSS 0.01471
Exploits 0, References 3, Affected Software 1

CNVD
added 2017/11/30 12:00 a.m., 2 views

Apache Sling Servlets Post Cross-Site Scripting Vulnerability (CNVD-2017-37560)

Adobe Experience Manager (AEM) is a content management solution from Adobe (United States) used to build web sites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management, multi-site management, etc...

CVSS 6.1, AI score 6.8, EPSS 0.01471
Exploits 0, References 1

Openbugbounty
added 2017/11/19 8:27 p.m., 10 views

servlets.com XSS vulnerability

Open Bug Bounty ID: OBB-424017
Affected Website: servlets.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: OWASP XSS Prevention Cheat Shee...

AI score 6.4
Exploits 0

seebug.org
added 2017/09/26 12:00 a.m., 85 views

McAfee ePolicy Orchestrator DataChannel Blind SQL Injection Vulnerability (CVE-2016-8027)

Summary: An exploitable blind SQL injection vulnerability exists within McAfee's ePolicy Orchestrator 5.3.0 that is accessible without authentication. A specially crafted HTTP POST can allow an attacker to alter a SQL query, which can result in disclosure of information within the database or...

CVSS 7.5, AI score 9.6, EPSS 0.12631
Exploits 1

0day.today
added 2017/08/15 12:00 a.m., 48 views

Apache Sling Servlets Post 2.3.20 Cross Site Scripting Vulnerability

Exploit for multiple platforms in category remote exploits. CVE-2017-9802: Apache Sling XSS vulnerability. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Sling Servlets Post 2.3.20. Description: The JavaScript method Sling.evalString uses the JavaScript eval...

CVSS 4.3, AI score 6.4, EPSS 0.0068
Exploits 1

CNVD
added 2017/08/15 12:00 a.m., 2 views

Apache Sling Servlets Post Cross-Site Scripting Vulnerability

Apache Sling is a set of frameworks from the Apache Software Foundation (United States) for building web applications. Apache Sling Servlets Post is one of its components. A security vulnerability exists in the JavaScript method Sling.evalString in Apache Sling Servlets Post versions prior to...

CVSS 6.1, AI score 6, EPSS 0.0068
Exploits 1, References 1

CVE
added 2017/08/14 1:00 p.m., 66 views

CVE-2017-9802

CVE-2017-9802 affects Apache Sling Servlets Post prior to version 2.3.22. The vulnerability arises from using the JavaScript function eval on input strings in Sling.evalString(), enabling cross-site scripting (XSS). Impact is XSS through crafted input strings; affected version is 2.3.20 (and olde...

CVSS 6.1, AI score 5.9, EPSS 0.0068
Exploits 1, References 5, Affected Software 1

NVD
added 2017/08/02 7:29 p.m., 20 views

CVE-2015-2560

ManageEngine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet...

CVSS 9.8, AI score 9.4, EPSS 0.20364
Exploits 3, References 4

OSV
added 2017/07/20 12:29 a.m., 14 views

CVE-2017-11466

Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajaxfileupload. This results...

CVSS 7.2, AI score 7.7
Exploits 0, References 3

EUVD
added 2017/06/06 2:00 p.m., 2 views

EUVD-2022-4402

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the origin...

CVSS 7.5, AI score 7.7, EPSS 0.10802
Exploits 1, References 72

Prion
added 2017/04/06 9:59 p.m., 18 views

Code injection

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not...

CVSS 7.5, AI score 8.1, EPSS 0.01384
Exploits 0, References 3, Affected Software 2

Check Point Advisories
added 2017/02/23 12:00 a.m., 5 views

HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)

An insecure deserialization vulnerability has been reported in HPE Operations Orchestration. The vulnerability is due to the deserialization of untrusted data in several servlets used for backwards compatibility with older API versions. A remote, unauthenticated attacker can exploit this...

CVSS 10, AI score 2.8, EPSS 0.57598
Exploits 0

CVE
added 2017/01/23 9:00 p.m., 61 views

CVE-2016-6600

The CVE refers to a directory traversal vulnerability in WebNMS Framework Server 5.2 and 5.2 SP1 (ZOHO WebNMS) via FileUploadServlet, where a crafted fileName with .. allows remote attackers to upload and execute JSP files. A Metasploit module and multiple advisories document an arbitrary file up...

CVSS 9.8, AI score 9.5, EPSS 0.90636
Exploits 7, References 8, Affected Software 1

Mageia
added 2016/07/08 7:50 p.m., 40 views

Updated struts packages fix security vulnerabilities

Updated struts packages fix security vulnerabilities: A vulnerability in Apache Struts 1 ActionForm allowing unintended remote operations against components on server memory, such as Servlets and ClassLoader, was found (CVE-2016-1181). It was reported that the Apache Struts 1 Validator contains a...

CVSS 8.2, AI score 1.6, EPSS 0.10742
Exploits 0, References 3

OpenVAS
added 2016/07/07 12:00 a.m., 39 views

Debian Security Advisory DSA 3611-1 (libcommons-fileupload-java - security update)

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending fil...

CVSS 7.8, AI score 0.9, EPSS 0.40246
Exploits 0, References 1

Tenable Nessus
added 2016/07/05 12:00 a.m., 35 views

Debian DSA-3614-1 : tomcat7 - security update

The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending fil...

CVSS 7.8, AI score 7.4, EPSS 0.40246
Exploits 0, References 3

Prion
added 2016/05/09 8:59 p.m., 13 views

SQL injection

Multiple SQL injection vulnerabilities in the Web Services web server in SolarWinds Storage Resource Monitor (SRM) Profiler, formerly Storage Manager (STM), before 6.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) ScriptSchedule parameter in the ScriptServlet servlet; the (2)...

CVSS 10, AI score 9.1, EPSS 0.63498
Exploits 0, References 25, Affected Software 1

Tenable Nessus
added 2016/03/25 12:00 a.m., 312 views

ManageEngine Desktop Central 8 / 9 < Build 91100 Multiple RCE

The ManageEngine Desktop Central application running on the remote host is version 8, or else version 9 prior to build 91100. It is, therefore, affected by multiple remote code execution vulnerabilities: - A flaw exists in the statusUpdate script due to a failure to properly sanitize user-suppli...

AI score 6.7
Exploits 0, References 2

Tenable Nessus
added 2016/03/18 12:00 a.m., 316 views

Apache ActiveMQ Web Console Missing X-Frame-Options Clickjacking

The version of Apache ActiveMQ running on the remote host is affected by a clickjacking vulnerability in the web-based administration console due to not setting the X-Frame-Options header in HTTP responses. A remote attacker can exploit this to trick a user into executing administrative tasks. No...

CVSS 6.1, AI score 6.8, EPSS 0.02975
Exploits 0, References 4