36 matches found
CVE-2019-18283
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Plea...
Design/Logic Flaw
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can use methods exposed via this interface to receive password hashes of other users and to change...
Design/Logic Flaw
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Plea...
U.S. Dept Of Defense: XXE with RCE potential on the https://█████████ (CVE-2017-3548)
The security vulnerability CVE-2017-3548 was identified in the Oracle PeopleSoft application. The vulnerability allowed for the execution of XML External Entity XXE attacks, which could potentially lead to remote code execution. A proof of concept was demonstrated that created a new service on th...
Apache axis remote command execution vulnerability alerts-a vulnerability alert-the black bar safety net
Recently, convinced that the server found the Apache axis component remote command execution exploit way. The vulnerability is essentially due to the administrator for the AdminService configuration error, when enableRemoteAdmin property is set to true, the attacker can remotely use of the...
CVE-2015-7913
agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class...
CVE-2015-7913
agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class...
Design/Logic Flaw
agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class...
CVE-2015-7913
agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class...
CVE-2015-7913
CVE-2015-7913 affects Tibbo AggreGate Platform (ag_server_service.exe) prior to version 5.30.06. A local attacker can publish arbitrary Java classes via the Apache Axis AdminService deployment method, enabling code execution with SYSTEM privileges. Mitigation: update to AggreGate Platform 5.30.06...
Tibbo AggreGate SCADA/HMI Apache Axis AdminService Arbitrary Class Instantiation Privilege Escalation Vulnerability
This vulnerability allows attackers to elevate privileges on vulnerable installations of Tibbo AggreGate SCADA/HMI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Windows servi...
Code injection
The administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file...
CVE-2015-7818
The administration-panel web service in IBM System Networking Switch Center SNSC before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file...
CVE-2015-7818
CVE-2015-7818 affects IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0. The issue enables a local attacker to upload and execute a JSP file under SYSTEM privileges by exploiting the Apache Axis AdminService deployment method. Affected version detai...
Lenovo Switch Center Local Lift Vulnerability
Lenovo Switch Center formerly known as IBM System Networking Switch Center is a suite of applications used by Lenovo in China to remotely monitor and manage Ethernet converged switches. A local lift vulnerability exists in IBM System Networking Switch Center versions 7.1.3.4 and earlier and Lenov...
IBM System Networking Switch Center Local Privilege Escalation Vulnerability
This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on...