Apache vulnerabilities and exploits

NA
CVE-2019-12407

[CVE-2019-12407] Apache JSPWiki Cross-site scripting vulnerability related to the remember parameter...

NA
CVE-2019-10087

[CVE-2019-10087] Apache JSPWiki Cross-site scripting vulnerability in Page Revision History...

NA
CVE-2019-10089

[CVE-2019-10089] Apache JSPWiki Cross-site scripting vulnerability on WYSIWYG editor...

NA
CVE-2019-10090

[CVE-2019-10090] Apache JSPWiki Cross-site scripting vulnerability on plain editor...

NA
CVE-2019-12404

[CVE-2019-12404] Apache JSPWiki Cross-site scripting vulnerability on InfoContent.jsp...

4
CVSSv2
CVE-2019-16097

core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is set up with DB as the authentication backend and allows users to self-register. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without...

7.5
CVSSv2
CVE-2018-11248

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. If an attacker places "../" in the file name, the file can be stored in an unintended directory because of Directory Traversal....

Liulishuo Filedownloader
4
CVSSv2
CVE-2013-7330

Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions....

Jenkins
5
CVSSv2
CVE-2019-0207

Tapestry processes assets under `/assets/ctx` using the class chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so an attacker can perform a path traversal attack to read any file on the Windows platform....

7.5
CVSSv2
CVE-2019-0195

By manipulating classpath asset file URLs, an attacker could guess the path to a known file in the classpath and have it downloaded. If the attacker found the file with the value of the tapestry.hmac-passphrase configuration symbol, most probably the webapp's AppModule class,...