NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'msf/core' class Metasploit4 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload', 'Description' => %q{ Netgear's ProSafe NMS300 is a network...
Adobe Experience Manager Apache Sling Servlets Post Component Information Disclosure Vulnerability
Apache Sling is an open source web framework on the Java platform for building content-oriented applications on top of a JCR content repository. Adobe Experience Manager (AEM) is a product of the US company Adobe that can be used to build websites, mobile applications and forms of content...
CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...
Information disclosure
CVE-2016-0956
CVE-2016-0956 affects the Apache Sling Servlets Post component (version 2.3.6) used by Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0. The issue is an information-disclosure vulnerability in Sling Post 2.3.6 allowing remote attackers to obtain sensitive information via unspecified vectors. APSB...
Netgear Management System Vulnerable to RCE, Path Traversal Attacks
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...
IBM WebSphere Application Server Sensitive Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and web services applications and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS. A remote attacke...
Information disclosure
IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors...
CVE-2015-4938
CVE-2015-4938 in IBM WebSphere Application Server could allow a remote attacker to spoof a servlet and persuade a user to enter sensitive information. Affected products/versions include WebSphere Application Server 7.0, 8.0, and 8.5.x (across Full/Liberty profiles and related bundles). The root ...
CVE-2015-5176
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...
CVE-2015-5176
CVE-2015-5176 concerns Red Hat JBoss Portal 6.2.0: the PortletBridge PortletRequestDispatcher fails to enforce servlet security constraints, allowing a remote attacker to access resources by requesting rendering of a non-JSF resource. Root cause: improper enforcement of servlet constraints in Por...
Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities
Apache Sling API is the US Apache Software Foundation's framework for building web applications; Apache Sling Servlets Post is one of its components. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability that allows remote attackers to exploit the...
CVE-2015-2944
Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)...
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Overview: Apache Sling is an open source web application framework provided by The Apache Software Foundation. The Sling API and Servlets Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and in the generation of the job completion. MORI Shingo...
JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Apache Sling is an open source web application framework provided by The Apache Software Foundation. The Sling API and Servlets Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and in the generation of the job completion. Impact: An arbitrary...
CVE-2014-6090
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and...
Citrix Command Center Arbitrary Code Execution Vulnerability
Citrix Command Center provides centralized management of Branch Repeater products deployed across the network. Citrix Command Center fails to properly restrict access to the Advent Java Management Extensions (JMX) interface, which allows remote attackers to execute arbitrary code via...
Workbench: Insufficient authorization constraints
It was discovered that the default authorization constraints applied to servlets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...