Lucene search
K

143 matches found

Cvelist
Cvelist
added 2021/06/08 5:45 p.m.74 views

CVE-2021-32674 Remote Code Execution via traversal in TAL expressions

Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL...

8.8CVSS8.9AI score0.01574EPSS
Exploits0References4
CVE
CVE
added 2021/05/21 1:55 p.m.92 views

CVE-2021-32633

CVE-2021-32633 affects Zope prior to versions 4.6 and 5.2, where untrusted modules can indirectly access Python modules available for direct use, enabling unauthenticated or low-privileged users who can edit Zope Page Templates to exploit web-exposed templates. The issue arises from how Zope hand...

8.8CVSS7.4AI score0.01843EPSS
Exploits1References5Affected Software2
Kitploit
Kitploit
added 2021/05/20 9:30 p.m.82 views

ABPTTS - TCP Tunneling Over HTTP/HTTPS For Web Application Servers

A Black Path Toward The Sun TCP tunneling over HTTP for web application servers https://www.blackhat.com/us-16/arsenal.htmla-black-path-toward-the-sun Ben Lincoln, NCC Group, 2016 ABPTTS uses a Python client script and a web application server page/package1 to tunnel TCP traffic over an HTTP/HTTP...

7.2AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/28 6:5 p.m.18 views

Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260)

Summary A logged in user may be able to download arbitrary files from the server using the ViewONE Virtual platform. Vulnerability Details CVEID: CVE-2019-4260 DESCRIPTION: IBM Daeja ViewONE Professional, Standard & Virtual could allow an unauthorized user to download server files resulting in...

5.3CVSS0.9AI score0.01301EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/04/03 12:0 a.m.2 views

Arbitrary File Read Vulnerability in TRS WAS at TORS Information Technology Inc.

TORS Information Technology Co. is a provider of artificial intelligence and big data technology and data services. An arbitrary file read vulnerability exists in the TRS WAS of TORS Information Technology Co. that can be exploited by an attacker to obtain sensitive information...

6.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.23 views

Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by vulnerabilities CVE-2016-0359 and CVE-2016-2923.

Summary IBM i Integrated Web Application Server version 8.5 is affected by the following vulnerabilities CVE-2016-0359 and CVE-2016-2923. Vulnerability Details CVEID: CVE-2016-0359 DESCRIPTION: IBM WebSphere Application Server is vulnerable to HTTP response splitting attacks. A remote attacker...

7.5CVSS1.1AI score0.02348EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 2:26 p.m.36 views

Security Bulletin: IBM i Integrated Web Application Server version 8.5 is affected by multiple vulnerabilities.

Summary IBM i Integrated Web Application Server version 8.5 is affected by multiple security vulnerabilities. Vulnerability Details CVEID: CVE-2016-0385 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to bypass security restrictions caused by a buffer overflow. This...

7.8CVSS1.2AI score0.39584EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/30 12:0 a.m.39 views

IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)

The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.9. It is, therefore, potentially affected by TLS downgrade vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid125595;...

5.9CVSS6.6AI score0.02377EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/03/25 12:0 a.m.33 views

Debian DSA-4415-1 : passenger - security update

An arbitrary file read vulnerability was discovered in passenger, a web application server. A local user allowed to deploy an application to passenger, can take advantage of this flaw by creating a symlink from the REVISION file to an arbitrary file on the system and have its content displayed...

4.7CVSS5.8AI score0.00358EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:33 p.m.23 views

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation

Summary IBM WebSphere Application Server Liberty vulnerabilities have been disclosed by IBM WebSphere Application Server Liberty . IBM WebSphere Application Server Liberty is used by IBM Worklight and IBM MobileFirst Platform Foundation. IBM Worklight and IBM MobileFirst Platform Foundation have...

6.8CVSS1AI score0.39584EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2016/03/25 3:46 p.m.23 views

Uber: CRLF Injection in developer.uber.com

The website located at https://developer.uber.com/ suffers from CRLF injection. This allows me to inject JavaScript, HTML as well as arbitrary HTTP Headers. Besides this, I can change the HTTP Response code as well, to display whatever I want in the victim's browser. The vulnerability resides in...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

SAP Web Application Server 6.x/7.0 Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18006/info SAP Web Application Server is prone to an input-validation vulnerability that results in HTTP response-splitting attacks. This issue is due to a failure in the application to properly sanitize user-supplied...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

SAP Web Application Server 7.0 - '/sap/bc/gui/sap/its/webgui/' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29317/info SAP Web Application Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

SAP Web Application Server 6.x/7.0 Error Page XSS

No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Allaire JRun 3.0 Servlet DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2337/info A denial of service condition exists in the JRun web application server. Requesting multiple malformed URLs by way of the java servlet, will cause the JRun application server to stop responding...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2014/02/05 12:0 a.m.26 views

Fedora Update for tntnet FEDORA-2014-1619

Check for the Version of tntnet OpenVAS Vulnerability Test Fedora Update for tntnet FEDORA-2014-1619 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

5CVSS0.02504EPSS
Exploits1References2
Zero Science Lab
Zero Science Lab
added 2012/03/10 12:0 a.m.39 views

Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities

Summary Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. Description Zend Server and its components suffers from a cross-site scripting vulnerability. The persistent stored XSS issues are triggered when input passed via several paramete...

6AI score
Exploits0
Packet Storm
Packet Storm
added 2012/03/10 12:0 a.m.30 views

Zend Server 5.6.0 Script Insertion

!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Bridg...

7.4AI score
Exploits0
Rows per page
Query Builder