12 matches found
EUVD-2003-0041
Malware in sbrugna...
EUVD-2001-0179
Malware in sbrugna...
GHSA-P543-JG43-9PM5 Apache Tomcat may be started without proper security settings
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions...
Exploit for Path Traversal in Atlassian Jira_Data_Center
CVE-2021-26086 Atlassian Jira Server/Data Center 8.4.0 - Limit...
Unauthorized Access Vulnerability in Eas7 Integrated Management Platform of Tiandiweiye Technology Co.
Tiandiweiye is the world's leading intelligent security solution provider. Based on artificial intelligence, big data, cloud computing, Internet of Things and other technologies, Tiandiweiye provides intelligent video products, system solutions and high-quality technical services for public...
CVE-2017-12149
It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Mitigation: Secure the access to the entire http-invoker contexts by...
Ebay INC (Magento) Web Security Bug Bounty: Directory Traversal / Local File Inclusion In magento.com
Little Insight: https://wiki.magento.com was vulnerable to a directory traversal / local file inclusion vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. Well, this LFI is very interesting for me because when I start my work I...
Apache Tomcat 5.5.x < 5.5.30
According to its self-reported version number, the Apache Tomcat server listening on the remote host is 5.5.x prior to 5.5.30. It is, therefore, affected by multiple vulnerabilities: - An error in the access restriction on a 'ServletContext' attribute which holds the location of the work directo...
CVE-2003-0043
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file...
CVE-2001-0179
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."...
CVE-2001-0179
Allaire JRun 3.0 is affected by an information-disclosure vulnerability where remote attackers can list the contents of WEB-INF and the web.xml in WEB-INF via a malformed URL containing a dot. This is described in the CVE record and corroborated by OpenVAS information-disclosure entries referenci...
Security Bulletin (ASB01-02) JRun 3.0
Allaire posted the following security bulletin to their site recently. The online version can be found at: http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full ------------------------------------ Allaire Security Bulletin ASB01-02 JRun 3.0: Patch available for JRun malformed URI WEB-IN...