196 matches found

Packet Storm
added 2016/02/29 12:0 a.m. | 41 views

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload', 'Description' = %q Netgear's ProSafe NMS300 is a network...

7.8 CVSS | 9.2 AI score | 0.75013 EPSS
Exploits 8

CNVD
added 2016/02/11 12:0 a.m. | 4 views

Adobe Experience Manager Apache Sling Servlets Post Component Information Disclosure Vulnerability

Apache Sling is an open source web framework on the Java platform for creating content-oriented applications on top of a JCR content library. Adobe Experience Manager (AEM) is a product of the US company Adobe that can be used to build websites, mobile applications and forms of content...

7.8 CVSS | 6.3 AI score | 0.46187 EPSS
Exploits 6 | References 1

OSV
added 2016/02/10 8:59 p.m. | 4 views

CVE-2016-0956

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

7.5 CVSS | 5.8 AI score | 0.46187 EPSS
Exploits 6 | References 5

Prion
added 2016/02/10 8:59 p.m. | 22 views

Information disclosure

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors...

7.8 CVSS | 6.5 AI score | 0.46187 EPSS
Exploits 6 | References 5 | Affected Software 1

CVE
added 2016/02/10 8:0 p.m. | 134 views

CVE-2016-0956

CVE-2016-0956 affects the Apache Sling Servlets Post component (version 2.3.6) used by Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0. The issue is an information-disclosure vulnerability in Sling Post 2.3.6 allowing remote attackers to obtain sensitive information via unspecified vectors. APSB...

7.8 CVSS | 7 AI score | 0.46187 EPSS
Exploits 6 | References 5 | Affected Software 1

ThreatPost
added 2016/02/04 1:5 p.m. | 10 views

Netgear Management System Vulnerable to RCE, Path Traversal Attacks

Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files. The problems affect the NMS300 product, a web-based system the company manufactures to help users monitor...

1.4 AI score
Exploits 0 | References 3

CNVD
added 2015/08/24 12:0 a.m. | 1 views

IBM WebSphere Application Server Sensitive Information Disclosure Vulnerability

IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WAS. A remote attacke...

5 CVSS | 9.3 AI score | 0.02107 EPSS
Exploits 0 | References 1

Prion
added 2015/08/22 11:59 p.m. | 13 views

Information disclosure

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vectors...

5 CVSS | 6.3 AI score | 0.02107 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2015/08/22 11:0 p.m. | 77 views

CVE-2015-4938

CVE-2015-4938 in IBM WebSphere Application Server could allow a remote attacker to spoof a servlet and persuade a user to enter sensitive information. Affected products/versions include WebSphere Application Server 7.0, 8.0, and 8.5.x (across Full/Liberty profiles and related bundles). The root ...

5 CVSS | 8 AI score | 0.02107 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2015/08/11 2:59 p.m. | 16 views

CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...

5.8 CVSS | 6.9 AI score | 0.01648 EPSS
Exploits 0 | References 1

CVE
added 2015/08/11 2:0 p.m. | 55 views

CVE-2015-5176

CVE-2015-5176 concerns Red Hat JBoss Portal 6.2.0: the PortletBridge PortletRequestDispatcher fails to enforce servlet security constraints, allowing a remote attacker to access resources by requesting rendering of a non-JSF resource. Root cause: improper enforcement of servlet constraints in Por...

5.8 CVSS | 7.1 AI score | 0.01648 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2015/08/11 2:0 p.m. | 31 views

CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...

6.9 AI score | 0.01648 EPSS
Exploits 0 | References 1

CNVD
added 2015/06/04 12:0 a.m. | 3 views

Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities

Apache Sling API is a set of frameworks for building web applications from the US-based Apache Software Foundation. Apache Sling Servlets Post is one of its components. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability that allows remote attackers to exploit the...

4.3 CVSS | 6.2 AI score | 0.06297 EPSS
Exploits 1 | References 1

NVD
added 2015/06/02 2:59 p.m. | 20 views

CVE-2015-2944

Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling API before 2.2.2 and Apache Sling Servlets Post before 2.1.2 allow remote attackers to inject arbitrary web script or HTML via the URI, related to (1) org/apache/sling/api/servlets/HtmlResponse and (2)...

4.3 CVSS | 5.7 AI score | 0.06297 EPSS
Exploits 1 | References 8

Japan Vulnerability Notes
added 2015/05/27 5:43 a.m. | 2 views

Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Overview: Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. MORI Shingo...

4.3 CVSS | 6 AI score | 0.06297 EPSS
Exploits 1 | References 6

Japan Vulnerability Notes
added 2015/05/27 12:0 a.m. | 48 views

JVN#61328139: Apache Sling API and Servlets Post components vulnerable to cross-site scripting

Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. Impact: An arbitrary...

4.3 CVSS | 5.7 AI score | 0.06297 EPSS
Exploits 1

NVD
added 2015/04/27 11:59 a.m. | 22 views

CVE-2014-6090

Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix10, and...

6.8 CVSS | 6.6 AI score | 0.00578 EPSS
Exploits 0 | References 1

CNVD
added 2015/03/28 12:0 a.m. | 3 views

Citrix Command Center Arbitrary Code Execution Vulnerability

Citrix Command Center provides centralized management of Branch Repeater products deployed across the network. Citrix Command Center fails to properly restrict access to Advent Java Management Extensions (JMX), which allows remote attackers to exploit a vulnerability to execute arbitrary code via...

7.5 CVSS | 8 AI score | 0.05245 EPSS
Exploits 1 | References 1

RedHat Linux
added 2015/02/17 10:27 p.m. | 2 views

Workbench: Insufficient authorization constraints

It was discovered that the default authorization constraints applied on servlets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...

6.5 CVSS | 5.8 AI score | 0.01905 EPSS
Exploits 0 | References 4

RedHat Linux
added 2015/02/17 10:27 p.m. | 3 views

Workbench: Insufficient authorization constraints

It was discovered that the default authorization constraints applied on servlets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...

6.5 CVSS | 5.8 AI score | 0.01905 EPSS
Exploits 0 | References 4