Vulnerabilities > Jboss > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-18 | CVE-2007-6433 | Improper Input Validation vulnerability in Jboss Seam The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter. | 7.5 |
| 2007-03-02 | CVE-2007-1157 | Cross-Site Request Forgery (CSRF) vulnerability in Jboss Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733. | 7.6 |
| 2007-02-21 | CVE-2007-1036 | Permissions, Privileges, and Access Controls vulnerability in Jboss Application Server The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. | 7.5 |
| 2006-11-27 | CVE-2006-5750 | Directory Traversal vulnerability in JBoss Java Class DeploymentFileRepository Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager. | 7.5 |
| 2005-07-06 | CVE-2005-2158 | Remote Security vulnerability in Jboss Jbpm 2.0 A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. | 7.5 |
| 2003-11-17 | CVE-2003-0845 | SQL Injection vulnerability in Jboss 3.0.8/3.2.1 Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | 7.5 |