5615 matches found
CVE-2005-4413
Multiple cross-site scripting XSS vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the 1 E-mail address field to a PlantsByWebSphere/login.jsp, 2 message field to b TechnologySample/BulletinBoard Script, 3...
CVE-2005-4413
Multiple cross-site scripting XSS vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the 1 E-mail address field to a PlantsByWebSphere/login.jsp, 2 message field to b TechnologySample/BulletinBoard Script, 3...
ibm_css.txt
----------------------------------------------------------- + IBM WEBSPHERE 6 Sample scripts Cross site scripting + ----------------------------------------------------------- Release Date: 12/12/2005 Severity: low Product:...
[SA17658] IBM WebSphere Application Server for z/OS Double-Free Vulnerability
TITLE: IBM WebSphere Application Server for z/OS Double-Free Vulnerability SECUNIA ADVISORY ID: SA17658 VERIFY ADVISORY: http://secunia.com/advisories/17658/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: IBM WebSphere Application Server 5.x...
CVE-2005-3760
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service ABEND...
CVE-2005-3760
Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service ABEND...
CVE-2005-3498
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...
CVE-2005-3498
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...
CVE-2005-2091
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle an...
[AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote Buffer overflow in WebSphere Application Server Administrative Console AppSecInc Team SHATTER Security Advisory WEBSP05-V0098 http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html June 07, 2005 Risk level: HIGH Credits: This...
CVE-2005-1872
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code...
CVE-2005-1872
The CVE-2005-1872 entry covers a buffer overflow in the administrative console of IBM WebSphere Application Server 5.x when global security is enabled. The related advisory materials describe improper validation of user-supplied input in the authentication process, which can allow remote attacker...
CVE-2005-1872
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code...
CVE-2005-0425
Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages .jsp via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine...
IBM WebSphere application server information leak
It's possible to obtain JSP page source code by requesting non-existing virtual host...
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the pages with a nonexistent hostname in the HTTP 'Host' header request when WebSphere Application is sharing the document root of the web server. An attacker may use this flaw to get the source...
IBM Websphere 5.0/5.1/6.0 - Application Server Web Server Root JSP Source Code Disclosure
source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handle various requests under certain circumstances. It should be noted that thi...
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure
IBM Websphere 5.05.16.0 - Application Server Web Server Root JSP Source Code Disclosure source: https://www.securityfocus.com/bid/13160/info A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to...
IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure
The remote host is running a version of IBM WebSphere Commerce that may allow an attacker to conduct a brute-force attack against users who have recently had their passwords invalidated in WebSphere Commerce and uncover private information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
IBM WebSphere 'ResetPassword' Information Disclosure
Binary data 2712.prm...