33 matches found
Exploit for CVE-2020-1938
Ghostcat - CVE-2020-1938 Exploit Lee archivos del Tomcat via AJP...
Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite
CVE-2025-68645 - Zimbra Path Traversal Vulnerability !Secur...
Exploit for CVE-2026-22557
CVE-2026-22557 -- UniFi Network Application Pre-Auth Path Trav...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
EUVD-2025-36544
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml...
CVE-2025-60805
CVE-2025-60805 affects BESSystem BES Application Server up to version 9.5.x. The issue arises from the pre-resource option in bes-web.xml, allowing unauthorized attackers to access sensitive information. Public documents consistently describe a data leakage risk via pre-resource, with remediation...
PT-2025-44196
Name of the Vulnerable Software and Affected Versions BESSystem BES Application Server versions through 9.5.x Description An issue exists that could allow unauthorized attackers to obtain sensitive information. This is due to the “pre-resource” option within the bes-web.xml file. Recommendations...
Exploit for CVE-2022-36537
CVE-2022-36537 Summary R1Soft Server Backup Manager uses t...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
ZOHO ManageEngine ServiceDesk Plus 路径遍历漏洞
ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates Incident Management, Problem Management, Asset Management IT Project Management, Procurement and Contract Management modules...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory
For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1...
PT-2021-16951
Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.5.14 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.6 Atlassian Jira Server and Data Center versions 8.14.0 through 8.16.1 Description The issue allows remote attacke...
UBUNTU-CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...