752 matches found
Design/Logic Flaw
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain...
Design/Logic Flaw
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...
Design/Logic Flaw
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session cookies by sniffing the network...
CVE-2013-4025
CVE-2013-4025 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The root cause is lack of an off autocomplete attribute on the login-password field, enabling an ...
CVE-2013-4022
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenticated users to bypass intended access...
CVE-2013-4022
CVE-2013-4022 affects IBM Data Studio Web Console, Optim Performance Manager, IBM InfoSphere Optim Configuration Manager, and DB2 Recovery Expert. A flaw stores unspecified authentication information in cookies, enabling remote authenticated users to bypass access restrictions via unknown vectors...
CVE-2013-4024
CVE-2013-4024 affects IBM Data Studio Web Console (3.x before 3.2), Optim Performance Manager (5.x before 5.2), InfoSphere Optim Configuration Manager (2.x before 2.2), and DB2 Recovery Expert (2.x). The issue arises from the Web Console serving over HTTP, allowing remote attackers to read sessio...
CVE-2013-0935
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
Nagios XI 2012R1.5b XSS / Command Execution / SQL Injection / CSRF
Nagios XI version 2012R1.5b suffers from cross site request forgery, cross site scripting, remote command injection, and remote SQL injection vulnerabilities. Reflected XSS: Alert Cloud Component: Example URL: http://nagiosxiserver/nagiosxi/includes/components/alertcloud/index.php?width=800";...
EMC Smarts Network Configuration Manager security vulnerabilities
Hardcoded encryption key, default unauthenticated connections...
CVE-2012-4614
CVE-2012-4614 affects EMC Smarts Network Configuration Manager (NCM) prior to version 9.1. The default NCM configuration allows unauthenticated access to the NCM database, enabling remote attackers to interact via the network (impact described as complete confidentiality/integrity/availability). ...
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
This host is missing an important security update according to Microsoft Bulletin MS12-062. OpenVAS Vulnerability Test $Id: secpodms12-062.nasl 6520 2017-07-04 14:28:49Z cfischer $ Microsoft System Center Configuration Manager XSS Vulnerability (2741528) Authors: Rachana Shetty Copyright: Copyright...
Microsoft System Center Configuration Manager Cross-Site Scripting Vulnerability (MS12-062)
BUGTRAQ ID: 55430 CVE ID: CVE-2012-2536 System Center Configuration Manager 2007 R2, formerly known as Systems Management Server (SMS), is a solution for comprehensively assessing, configuring, and updating servers, clients, and devices across physical, virtual, distributed, and mobile environments. System Center Configuration Manager contains an XSS vulnerability: code can be reflected into the user's results page, so that attacker-controlled code executes after a click. 0 Microsoft Systems Management Serve...
Microsoft System Center Configuration Manager Version Detection
Detects the installed version of Microsoft System Center Configuration Manager. The script logs in via SMB, searches for Microsoft System Center Configuration Manager in the registry and gets the version from SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from...
Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
This host is missing an important security update according to Microsoft Bulletin MS12-062. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2012-2536
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."...
CVE-2012-2536
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."...
MS12-062: Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
The version of Microsoft System Center Configuration Manager, formerly known as Systems Management Server, installed on the remote host is potentially affected by a reflected cross-site scripting vulnerability. By tricking a user into clicking a specially crafted link, an attacker could gain...
MS12-062: Vulnerability in System Center Configuration Manager could allow elevation of privilege: September 11, 2012
Resolves a vulnerability in Microsoft System Center Configuration Manager that could allow elevation of privilege if a user visits an affected website by way of a specially crafted URL. INTRODUCTION: Microsoft has released security bulletin MS12-062. To view the complete security bulletin, go to one...