139 matches found
CVE-2018-12411
The administrative daemon tibdgadmind of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery CSRF attacks...
Cross site request forgery (csrf)
The realm server tibrealmserver component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery CSRF attacks. Affected releases are TIBCO...
TIBCO Security Advisory: November 6, 2018 - TIBCOActiveSpaces
TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks Original release date: November 6, 2018 Last revised: CVE-2018-12411 Source: TIBCOSoftware Inc. TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks Original release date: November 6, 2018 Last revised: Source: TIB...
CVE-2017-3181
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit laten...
Security Bulletin: IBM Platform Symphony (CVE-2013-5400)
Summary This bulletin relates to a potential elevation of privilege vulnerability when IBM Platform Symphony Developer Edition is installed in a networked environment. Vulnerability Details CVE ID: CVE-2013-5400 DESCRIPTION: IBM Platform Symphony Developer Edition installation includes a servlet...
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...
CVE-2017-5176
A DLL Hijack issue was discovered in Rockwell Automation Connected Components Workbench CCW. The following versions are affected: Connected Components Workbench - Developer Edition, v9.01.00 and earlier: 9328-CCWDEVENE, 9328-CCWDEVZHE, 9328-CCWDEVFRE, 9328-CCWDEVITE, 9328-CCWDEVDEE, 9328-CCWDEVES...
SAP HANA Developer Edition DB Eval Injection Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP, Germany, of which SAP HANA Developer Edition DB is a development version of the database. An Eval injection vulnerability exists in the test-net.xsjs file in the Web-based Development Workbench for SAP HANA Developer Editi...
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
CVE-2015-7729
CVE-2015-7729 affects SAP HANA Developer Edition DB Web-based Development Workbench, specifically the file test-net.xsjs . The vulnerability is an eval injection that allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors. This is associated with SAP Security Not...
CVE-2015-2072
Multiple cross-site scripting XSS vulnerabilities in SAP HANA 73 1.00.73.00.389160 and HANA Developer Edition 80 1.00.80.00.391861 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or 2...
CVE-2014-8314
CVE-2014-8314 affects SAP HANA Developer Edition Revision 70 with two reflected XSS vectors in the democontent: epm/admin/DataGen.xsjs and epm/services/multiply.xsjs, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry rates the impact as partia...
WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation...
Hardcoded credentials
An unspecified servlet in IBM Platform Symphony Developer Edition DE 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors...
Heap overflow
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service daemon crash via a long 1 username, 2...
CVE-2008-0912
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service daemon crash via a long 1 username, 2...
CVE-2008-0912
CVE-2008-0912 is a vulnerability in Sybase MobiLink (mlsrv10.exe) affecting 10.0.1.3629 and earlier, used by SQL Anywhere Developer Edition 10.0.1.3415 and possibly other products. The issue: multiple heap-based buffer overflows triggered by processing overly long strings (username, version, remo...
Vulnerable: Conference Room Professional-Developer Edititon.
Vulnerable: Conference Room Professional-Developer Edititon. www.webmaster.com Only tested on Windows NT 4.0 sp6a and Windows 2000 pro. Conference Room 1.8.1x or older versions are subject to a DoS attack when following commands are used. Make to connections to the irc server second being the clo...