
CVE-2012-0551 – Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0551
03 May 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. • https://www.exploit-db.com/exploits/18764 •

CVE-2011-3564
https://notcve.org/view.php?id=CVE-2011-3564
18 Jan 2012 — Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration. • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •

CVE-2012-0081
https://notcve.org/view.php?id=CVE-2012-0081
18 Jan 2012 — Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. • http://osvdb.org/78415 •

CVE-2012-0104
https://notcve.org/view.php?id=CVE-2012-0104
18 Jan 2012 — Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. • http://osvdb.org/78417 •

CVE-2011-5035 – MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5035
30 Dec 2011 — Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. • https://packetstorm.news/files/id/180523 • CWE-20: Improper Input Validation •

CVE-2011-3559
https://notcve.org/view.php?id=CVE-2011-3559
18 Oct 2011 — Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. • http://osvdb.org/76476 •

CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
19 Apr 2011 — Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. • https://packetstorm.news/files/id/181110 •

CVE-2010-4438
https://notcve.org/view.php?id=CVE-2010-4438
19 Jan 2011 — Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). • http://osvdb.org/70572 •

CVE-2010-2397
https://notcve.org/view.php?id=CVE-2010-2397
13 Jul 2010 — Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •

CVE-2009-1553 – GlassFish Enterprise Server 2.1 - Admin Console '/configuration/auditModuleEdit.jsf?name' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1553
06 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, ... • https://www.exploit-db.com/exploits/32980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •