This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly

Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request.

Product Version: NetBeans IDE 8.1, GlassFish Server Open Source Edition 4.1

I have a very simple web application created with Netbeans 7.0.1 which includes only a RESTful Webservice.

GlassFish Server HTTP Status 404 - Not Found.

GlassFish is an open-source Jakarta EE platform application server project started by Sun Microsystems, then sponsored by Oracle Corporation, and now living at the Eclipse Foundation and supported by Payara, Oracle and Red Hat. The supported version under Oracle was called Oracle GlassFish Server.

Download GlassFish 4.1.2 for Windows. Create and deploy Java EE web-based applications using this HTML5-compliant server that uses a simple programming model.

    HTTP/1.1 404 Not Found
    Server: GlassFish Server Open Source Edition 4.1.1
    X-Powered-By: Servlet/3.1 JSP/2.3 (GlassFish Server Open Source Edition 4.1.1.

The GlassFish Server supports SSL 2.0 and 3.0 and contains software support for various cipher suites. It also supports integration of hardware encryption cards for even higher performance. Security considerations, particularly when using the integrated software encryption, will impact hardware sizing and capacity planning.

    # This module requires Metasploit:
    # Current source:
    #
    class MetasploitModule
      'Path Traversal in Oracle GlassFish Server Open Source Edition',
      'Description' => % q "
      )
      end
    end