21 matches found
EUVD-2013-4189
Malware in sbrugna...
EUVD-2015-0310
Malware in sbrugna...
EUVD-2012-0100
Malware in sbrugna...
EUVD-2011-4499
Malware in sbrugna...
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation...
Important: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.11 security and bug fix update
An update is now available for Red Hat JBoss Operations Network. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Deserialization of untrusted data
The server in Red Hat JBoss Operations Network JON, when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
CVE-2016-5422
The web console in Red Hat JBoss Operations Network JON before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request...
Design/Logic Flaw
The web console in Red Hat JBoss Operations Network JON before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request...
Red Hat JBoss Operations Network Remote Code Execution Vulnerability (CNVD-2016-06652)
Red Hat JBoss Operations Network JON is the United States Red Hat Red Hat a J2EE-based open source application server, it can deploy, manage, monitor JBoss enterprise middleware, applications and services. A remote code execution vulnerability exists in Red Hat JON. An attacker could exploit this...
CVE-2016-6330
The server in Red Hat JBoss Operations Network JON, when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an...
Deserialization of untrusted data
The server in Red Hat JBoss Operations Network JON before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization...
Red Hat JBoss Operations Network Java Object Deserialization RCE
The remote Red Hat JBoss Operations Network server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Jython library. An unauthenticated, remote attacker can exploit this, by sending specially crafted Java objects to the HTT...
Critical: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.3 security update
An update for Red Hat JBoss Operations Network 3.2.3 that fixes one security issue in the Apache commons-collections library is now available. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2015-3267
Cross-site scripting XSS vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2012-0052
Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...
CVE-2012-0062
Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token...
CVE-2012-0052
Red Hat JBoss Operations Network JON before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name...
Authentication flaw
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the 1 server and 2 agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
CVE-2013-4293
The server in Red Hat JBoss Operations Network JON 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files...