EUVD-2014-0756
Malware in sbrugna...
Authorization Bypass
Alpine is vulnerable to authorization bypass. The vulnerability exists in the doFilter functions of BlacklistUrlFilter.java and WhitelistUrlFilter.java and allows an attacker to bypass administrative restrictions via executable WAR files...
XXE vulnerability in Jenkins WebSphere Deployer Plugin
WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted WAR file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin...
Opportunistic Exploitation of WSO2 CVE-2022-29464
On April 18, 2022, MITRE published CVE-2022-29464, an unrestricted file upload vulnerability affecting various WSO2 products. WSO2 followed with a security advisory explaining the vulnerability allowed unauthenticated and remote attackers to execute arbitrary code in the following products: API...
Exploit for CVE-2022-21449
CVE-2022-21449 Overview: This tool allows one to perform a qu...
Arbitrary File Write
wildfly-deployment-repository is vulnerable to the zip-slip vulnerability. The library does not validate the target path when extracting and deploying .war files, leading to arbitrary file writes outside of the intended target directory...
Directory traversal
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute...
CVE-2014-6034
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute...
CVE-2012-2561
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444...
HP Business Service Management Remote Code Execution
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. Recent assessments: wchen-r7 at Septembe...
Apache Patch released for Reverse proxy Bypass Vulnerability
Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...
CVE-2010-3878
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files...
JBoss EAP jmx console FileDeployment CSRF
Cross-site request forgery (CSRF) vulnerability in the JMX Console in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 before 4.3.0.CP09 allows remote attackers to hijack the authentication of administrators for requests that deploy WAR files...
Directory traversal
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to be installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities: - Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. (PK66676) - It may be possible...
Code injection
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in WAR files in (1) web-inf, (2) meta-inf, and unspecified other...