
155 matches found

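seebug.org
added 2014/11/07 12:0 a.m., 72 views

Yonyou FE Collaborative Office System file:// protocol file read vulnerability (affects all versions)

Brief description: A protocol-handling interface in the Yonyou FE Collaborative Office System does not filter the file:// protocol, resulting in an arbitrary file read vulnerability that affects all versions. Detailed description: web.xml contains the following configuration: ProxyServletUtil fe.witmanage.service.ProxyServletUtil ProxyServletUtil /ProxyServletUtil The source of ProxyServletUtil.java is as follows: / / public void doGetHttpServletRequest request, HttpServletResponse response throws ServletException,...

7.2 AI score
Exploits: 0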
seebug.org
added 2014/08/31 12:0 a.m., 20 views

TurboMail file read vulnerability

Brief description: Valid only when logged in. Detailed description: Web.xml contains a j2me servlet. Opening the decompiled J2MEServlet.java shows the following code: else if ACTIONTYPE.equals"ACTIONVIEWEMAILATTACHS" / 348 / String sessionId = dataInputStream.readUTF; / 349 / if sessionId == null / 350 / return; / / / / / 353 / String mbtype = dataInputStream.readUTF; / 354 / String...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 46 views

Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability

No description provided by source. CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x and 5.0.x versions may also be...

2.6 CVSS, 5.1 AI score, 0.21653 EPSS
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Apache Tomcat <= 6.0.16 'RequestDispatcher' Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30494/info Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to...

7.1 AI score
Exploits: 0
exploitpack
added 2014/03/01 12:0 a.m., 33 views

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Oracle Demantra 12.2.1 - Arbitrary File Disclosure Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet...

0.1 AI score
Exploits: 0
Exploit DB
added 2014/03/01 12:0 a.m., 37 views

Oracle Demantra 12.2.1 - Arbitrary File Disclosure

Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet Impact: Impact can differ based on the exploitation and...

7.4 AI score
Exploits: 0
myhack58
added 2013/06/12 12:0 a.m., 16 views

Easy to shoot global: WEB-INF directory unauthorized access and sensitive information disclosure - vulnerability warning - the black bar safety net

Unauthorized access to the WEB-INF directory discloses sensitive information in web.xml. Detailed description: Original link http://www.epailive.com/bottomActionbottominclude.do?fileName=about.jsp The fileName parameter is not filtered for special characters or the WEB-INF directory. Test Link...

0.9 AI score
Exploits: 0
Tenable Nessus
added 2013/05/14 12:0 a.m., 68 views

Adobe ColdFusion Authentication Bypass (APSB13-13) (intrusive check)

The version of Adobe ColdFusion running on the remote host has an authentication bypass vulnerability. When RDS is disabled and not configured with password protection, it is possible to authenticate as an administrative user without providing a username or password. A remote, unauthenticated...

10 CVSS, 6.2 AI score, 0.17816 EPSS
Exploits: 2, References: 4
Atlassian
added 2012/10/15 12:39 a.m., 26 views

Arbitrary resource file download in urlrewrite.xml

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-26888. There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9 AI score
Exploits: 0
Atlassian
added 2012/10/15 12:39 a.m., 20 views

Arbitrary resource file download in urlrewrite.xml

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-26888. There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/10/15 12:39 a.m., 28 views

Arbitrary resource file download in urlrewrite.xml

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-26888. There is an arbitrary resource file download vulnerability triggered by a third party library...

0.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/10/15 12:39 a.m., 30 views

Arbitrary resource file download in urlrewrite.xml

There is an arbitrary resource file download vulnerability triggered by a third party library org.tuckey.web.filters.urlrewrite.UrlRewriteFilter. The urlrewrite.xml rules file shows the pattern that will trigger a forward rule, which is the equivalent of performing dp =...

1.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/10/04 12:4 a.m., 18 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/10/04 12:4 a.m., 24 views

Session-timeout not being respected

As per the following KB I made changes that should have seen timeout reduced to 2 minutes. https://confluence.atlassian.com/pages/viewpage.action?pageId=126910597 in /confluence/WEB-INF/web.xml code 2 code I can't force Confluence to have a session timeout. This issue has been reproduced on first...

1.5 AI score
Exploits: 0, Affected Software: 1
Packet Storm
added 2012/03/19 12:0 a.m., 41 views

ManageEngine Device Expert 5.6 Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...

Exploits: 0
securityvulns
added 2012/02/12 12:0 a.m., 81 views

[SECURITY] CVE-2011-4367 Apache MyFaces information disclosure vulnerability

CVE-2011-4367: Apache MyFaces information disclosure vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: MyFaces Core 2.0.1 to 2.0.11 MyFaces Core 2.1.0 to...

5 CVSS, 0.5 AI score, 0.8592 EPSS
Exploits: 2
exploitpack
added 2012/02/09 12:0 a.m., 9 views

Apache MyFaces - ln Information Disclosure

Apache MyFaces - ln Information Disclosure source: https://www.securityfocus.com/bid/51939/info Apache MyFaces is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The following versions...

7.2 AI score
Exploits: 0
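seebug.org
added 2012/01/27 12:0 a.m., 576 views

JEECMS admin backend arbitrary file edit vulnerability, official site vulnerabilities, and getting a shell

Brief description: Arbitrary file edit vulnerability in the JEECMS admin backend, plus security issues on the official demo site and official server. Detailed description: 2.x backend: login/Jeecms.do 3.x backend: jeeadmin/jeecms/index.do Default account: admin Default password: password Obtaining the Tomcat password: /jeeadmin/jeecms/template/vedit.do?root=../../conf/&name=../../conf/tomcat-users.xml Obtaining the JDBC database account and password:...

7.1 AI score
Exploits: 0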
securityvulns
added 2011/10/31 12:0 a.m., 315 views

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information

SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03057508 Version: 1 HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i NNMi for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information NOTICE: The information in...

5 CVSS, 0.3 AI score, 0.92431 EPSS
Exploits: 28
securityvulns
added 2011/09/20 12:0 a.m., 133 views

Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit

?php / Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration Web Service getSubKeys Remote SQL Injection Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Microsoft SQL Server 2005 Express download uri:...

8.8 AI score
Exploits: 0