Filtered by vendor Getahead
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2377 | 1 Getahead | 1 Direct Web Remoting | 2024-02-14 | 5.0 MEDIUM | N/A |
| The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | |||||
| CVE-2007-0184 | 1 Getahead | 1 Direct Web Remoting | 2024-02-04 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to obtain unauthorized access to public methods via a crafted request that bypasses the include/exclude checks. | |||||
| CVE-2007-0185 | 1 Getahead | 1 Direct Web Remoting | 2024-02-04 | 5.0 MEDIUM | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to cause a denial of service (memory exhaustion and servlet outage) via unknown vectors related to a large number of calls in a batch. | |||||
| CVE-2006-6916 | 1 Getahead | 1 Direct Web Remoting | 2024-02-04 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | |||||