misc-apache-osvdbs.txt
http://osvdb.org/58658 : Apache Rampart Crafted SOAP Request Security Verification Bypass
http://osvdb.org/58660 : Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
http://osvdb.org/58661 : Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
http://osvdb.org/58662 : Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
http://osvdb.org/58663 : Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
http://osvdb.org/58664 : Apache Jetspeed EditAccount.vm Password Modification Weakness
http://osvdb.org/58665 : Apache Jetspeed Turbine: Cross-user Privileged Action Execution
http://osvdb.org/58666 : Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
http://osvdb.org/58667 : Apache Roller Database Cleartext Passwords Disclosure
http://osvdb.org/58668 : Apache Axis XXE (Xml eXternal Entity) Parsing Privilege Escalation
http://osvdb.org/58669 : Apache Jetspeed LDAP Cleartext Passwords Disclosure
http://osvdb.org/58670 : Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
http://osvdb.org/58671 : Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
http://osvdb.org/58672 : Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
http://osvdb.org/58673 : Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
http://osvdb.org/58674 : Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
http://osvdb.org/58675 : Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
http://osvdb.org/58684 : Apache Jetspeed controls.Customize Action Security Check Bypass
http://osvdb.org/58685 : Apache Velocity Template Designer Privileged Code Execution
http://osvdb.org/58686 : Apache Cocoon Temporary File Creation Unspecified Race Condition
http://osvdb.org/58687 : Apache Axis Invalid wsdl Request XSS
http://osvdb.org/58688 : Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
http://osvdb.org/58689 : Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
http://osvdb.org/58692 : Apache Geronimo Default Security Realm Login Brute Force Weakness
http://osvdb.org/58693 : Apache Derby service.properties File Encryption Key Information Disclosure
http://osvdb.org/58694 : Apache Geronimo Deploy Tool Process List Local Credential Disclosure
http://osvdb.org/58695 : Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
http://osvdb.org/58696 : Apache Tapestry Encoded Traversal Arbitrary File Access
http://osvdb.org/58697 : Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
http://osvdb.org/58698 : Apache Roller Remember Me Functionality Cleartext Password Disclosure
http://osvdb.org/58699 : Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
http://osvdb.org/58700 : Apache MyFaces /faces/* Path Handling Remote Overflow DoS
http://osvdb.org/58701 : Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
http://osvdb.org/58702 : Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
http://osvdb.org/58703 : Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
http://osvdb.org/58704 : Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
http://osvdb.org/58705 : Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
http://osvdb.org/58706 : Apache HttpClient Preemptive Authorization Remote Credential Disclosure
http://osvdb.org/58707 : Apache WSS4j Crafted PasswordDigest Request Authentication Bypass
http://osvdb.org/58716 : Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
http://osvdb.org/58717 : Apache Jetspeed Portlet Application Edit Access Restriction Bypass
http://osvdb.org/58718 : Apache Geronimo Deployment Plans Remote Password Disclosure
http://osvdb.org/58719 : Apache Geronimo Keystore Unprivileged Service Disable DoS
http://osvdb.org/58720 : Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
http://osvdb.org/58721 : Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
http://osvdb.org/58722 : Apache Derby Connection URL Encryption Method Reversion Weakness
http://osvdb.org/58723 : Apache Roller User Profile / Admin Page Cleartext Password Disclosure
http://osvdb.org/58724 : Apache Roller Logout Functionality Failure Session Persistence
http://osvdb.org/58725 : Apache Tapestry Basic String ACL Bypass Weakness
http://osvdb.org/58731 : Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
http://osvdb.org/58732 : Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
http://osvdb.org/58733 : Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
http://osvdb.org/58734 : Apache Torque Log File Cleartext Credential Local Disclosure
http://osvdb.org/58735 : Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
http://osvdb.org/58737 : Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
http://osvdb.org/58738 : Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
http://osvdb.org/58739 : Apache Open For Business Project (OFBiz) Unsalted Password Weakness
http://osvdb.org/58740 : Apache Rampart TransportBinding Message Payload Cleartext Disclosure
http://osvdb.org/58741 : Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
http://osvdb.org/58742 : Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
http://osvdb.org/58743 : Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
http://osvdb.org/58744 : Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
http://osvdb.org/58746 : Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
http://osvdb.org/58747 : Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
http://osvdb.org/58748 : Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
http://osvdb.org/58749 : Apache MyFaces Trinidad Database Access Error Message Information Disclosure
http://osvdb.org/58750 : Apache MyFaces Trinidad Generated HTML Information Disclosure
http://osvdb.org/58751 : Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
http://osvdb.org/58754 : Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
http://osvdb.org/58755 : Apache Harmony DRLVM Non-public Class Member Access
http://osvdb.org/58756 : Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
http://osvdb.org/58757 : Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
http://osvdb.org/58758 : Apache River GrantPermission Policy Manipulation Privilege Escalation
http://osvdb.org/58759 : Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
http://osvdb.org/58760 : Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
http://osvdb.org/58761 : Apache JSPWiki Wiki.jsp skin Parameter XSS
http://osvdb.org/58762 : Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
http://osvdb.org/58763 : Apache JSPWiki Include Tag Multiple Script XSS
http://osvdb.org/58764 : Apache JSPWiki Edit.jsp Multiple Parameter XSS
http://osvdb.org/58765 : Apache JSPWiki Spam Filter UniqueID RNG Weakness
http://osvdb.org/58766 : Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
http://osvdb.org/58767 : Apache JSPWiki Authentication Error Message Information Disclosure
http://osvdb.org/58768 : Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
http://osvdb.org/58769 : Apache JSPWiki Database Connection Termination DoS Weakness
http://osvdb.org/58770 : Apache JSPWiki Group.jsp group Parameter XSS
http://osvdb.org/58771 : Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
http://osvdb.org/58772 : Apache JSPWiki EditorManager.java editor Parameter XSS
http://osvdb.org/58773 : Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
http://osvdb.org/58774 : Apache JSPWiki Edit.jsp Multiple Parameter XSS
http://osvdb.org/58775 : Apache JSPWiki preview.jsp action Parameter XSS
http://osvdb.org/58776 : Apache JSPWiki PreviewContent.jsp Edited Text XSS
http://osvdb.org/58789 : Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
http://osvdb.org/58790 : Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
http://osvdb.org/58791 : Apache Synapse synapse.properties Cleartext Credential Local Disclosure
http://osvdb.org/58792 : Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
http://osvdb.org/58793 : Apache Hadoop mapred.system.dir Permission Weakness Job Manipulation
http://osvdb.org/58794 : Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
http://osvdb.org/58795 : Apache Rampart Crafted SOAP Header Authentication Bypass
http://osvdb.org/58796 : Apache Jetspeed Unsalted Password Weakness
http://osvdb.org/58797 : Apache Jetspeed Password Policy Multiple Weaknesses
http://osvdb.org/58798 : Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
http://osvdb.org/58799 : Apache Tapestry Logging Cleartext Password Disclosure
http://osvdb.org/58800 : Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
http://osvdb.org/58801 : Apache ActiveMQ Stomp Client Credential Validation Bypass
http://osvdb.org/58802 : Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
http://osvdb.org/58803 : Apache Wicket Session Fixation
http://osvdb.org/58804 : Apache Wicket Header Contribution Unspecified Issue
http://osvdb.org/58805 : Apache Derby Unauthenticated Network Server Shutdown DoS
http://osvdb.org/58806 : Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
http://osvdb.org/58807 : Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
http://osvdb.org/58808 : Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
http://osvdb.org/58809 : Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
http://osvdb.org/58810 : Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
http://osvdb.org/58811 : Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
http://osvdb.org/58812 : Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
http://osvdb.org/58813 : Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
http://osvdb.org/58837 : Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
http://osvdb.org/58973 : Apache Tuscany Crafted SOAP Request Access Restriction Bypass
http://osvdb.org/58974 : Apache Sling /apps Script User Session Management Access Weakness
http://osvdb.org/58975 : Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
http://osvdb.org/58976 : Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
http://osvdb.org/58977 : Apache Open For Business Project (OFBiz) Multiple Default Accounts
http://osvdb.org/58978 : Apache MyFaces Trinidad LocaleInfoScriptlet XSS
http://osvdb.org/58979 : Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
http://osvdb.org/58980 : Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
http://osvdb.org/58981 : Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
http://osvdb.org/58982 : Apache Synapse Proxy Service Security Policy Mismatch Weakness
http://osvdb.org/58983 : Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
http://osvdb.org/58984 : Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
http://osvdb.org/58985 : Apache Qpid Process Listing Local Cleartext Password Disclosure
http://osvdb.org/58986 : Apache Qpid Encrypted Message Handling Remote Overflow DoS
http://osvdb.org/58987 : Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
http://osvdb.org/58988 : Apache Hadoop Chukwa HICC Portal Unspecified XSS
http://osvdb.org/58989 : Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
http://osvdb.org/58990 : Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
http://osvdb.org/58991 : Apache Hadoop browseDirectory.jsp XSS
http://osvdb.org/58992 : Apache Hadoop tail.jsp XSS
http://osvdb.org/58993 : Apache Hadoop browseBlock.jsp XSS
http://osvdb.org/58994 : Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
http://osvdb.org/58995 : Apache Hadoop Map/Reduce Task Ownership Weakness
http://osvdb.org/58996 : Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
http://osvdb.org/58997 : Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
http://osvdb.org/58998 : Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
http://osvdb.org/58999 : Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
http://osvdb.org/59000 : Apache CXF Unsigned Message Policy Bypass
http://osvdb.org/59001 : Apache Axis2 WSInsane xsd Parameter Traversal Arbitrary File Disclosure
http://osvdb.org/59002 : Apache Jetspeed default-page.psml URI XSS
http://osvdb.org/59003 : Apache HttpClient POST Request Handling Memory Consumption DoS
http://osvdb.org/59004 : Apache Beehive Error Message XSS
http://osvdb.org/59005 : Apache Beehive jpfScopeID Global Parameter XSS
http://osvdb.org/59006 : Apache Beehive select / checkbox Tag XSS
http://osvdb.org/59007 : Apache Solr schema.jsp Multiple Parameter XSS
http://osvdb.org/59008 : Apache Solr analysis.jsp XSS
http://osvdb.org/59009 : Apache Solr action.jsp XSS
http://osvdb.org/59010 : Apache Solr get-file.jsp XSS
http://osvdb.org/59011 : Apache JSPWiki Page Attachment Change Note Function XSS
http://osvdb.org/59012 : Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
http://osvdb.org/59013 : Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
http://osvdb.org/59018 : Apache Harmony Error Message Handling Overflow
http://osvdb.org/59019 : Apache mod_python Cookie Salting Weakness
http://osvdb.org/59020 : Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
http://osvdb.org/59021 : Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
http://osvdb.org/59022 : Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
http://osvdb.org/59944 : Apache Hadoop jobhistory.jsp XSS
http://osvdb.org/60677 : Apache CouchDB Unspecified Document Handling Remote DoS
http://osvdb.org/60678 : Apache Roller Comment Email Notification Manipulation DoS
http://osvdb.org/60679 : Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
http://osvdb.org/60680 : Apache Hadoop JobHistory Job Name Manipulation Weakness