Lucene search
+L

99 matches found

RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.4 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5CVSS5.7AI score0.01739EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:16 p.m.7 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:6 p.m.6 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
NVD
NVD
added 2012/12/20 12:2 p.m.28 views

CVE-2012-3428

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS6.6AI score0.0141EPSS
Exploits0References8
Prion
Prion
added 2012/12/20 12:2 p.m.24 views

Design/Logic Flaw

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS7.2AI score0.0141EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2012/12/18 10:43 p.m.7 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS5.8AI score0.0141EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/12/18 10:23 p.m.4 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3CVSS5.8AI score0.0141EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.36 views

Flash Player <= 10.3.183.16 / 11.1.102.63 Multiple Memory Corruption Vulnerabilities (APSB12-07)

According to its version, the instance of Flash Player installed on the remote Windows host is 10.x equal to or earlier than 10.3.183.16 or 11.x equal to or earlier than 11.1.102.63. It is, therefore, reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption...

10CVSS6.3AI score0.05944EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2012/03/30 12:0 a.m.36 views

Adobe AIR 3.x <= 3.1.0.4880 Multiple Memory Corruption Vulnerabilities (APSB12-07)

According to its version, the instance of Adobe AIR 3.x on the remote Windows host is 3.1.0.4880 or earlier and is reportedly affected by several critical memory corruption vulnerabilities : - Memory corruption vulnerabilities related to URL security domain checking. CVE-2012-0772 - A flaw in the...

10CVSS6.3AI score0.05944EPSS
Exploits1References5
Prion
Prion
added 2012/03/28 7:55 p.m.21 views

Memory corruption

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...

10CVSS8.1AI score0.05944EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2012/03/28 7:0 p.m.23 views

CVE-2012-0772

An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service memory corruption via...

7.6AI score0.05944EPSS
Exploits1References6
NVD
NVD
added 2010/08/10 12:23 p.m.17 views

CVE-2010-2474

JBoss Enterprise Service Bus ESB before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service...

3.5CVSS6.9AI score0.00902EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2010/08/10 12:23 p.m.22 views

CVE-2010-2474

JBoss Enterprise Service Bus ESB before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service...

3.5CVSS5.9AI score0.00902EPSS
Exploits0References1
Cvelist
Cvelist
added 2010/08/09 8:0 p.m.21 views

CVE-2010-2474

JBoss Enterprise Service Bus ESB before 4.7 CP02 in JBoss Enterprise SOA Platform before 5.0.2 does not properly consider the security domain with which a service is secured, which might allow remote attackers to gain privileges by executing a service...

6.9AI score0.00902EPSS
Exploits0References5
myhack58
myhack58
added 2006/01/12 12:0 a.m.17 views

Network attack and Defense perception-vulnerability warning-the black bar safety net

With the current web trends, company network, school network, or even banks within the network, the application of more and more wide, and a step-by-step plays an increasingly large role. So many people aim for this piece of good cheese, so with all on the inner web of the legend. Network securit...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2004/04/09 12:0 a.m.76 views

US-CERT Technical Cyber Security Alert TA04-099A -- Vulnerability in Internet Explorer ITS Protocol Handler

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vulnerability in Internet Explorer ITS Protocol Handler Original release date: April 8, 2004 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows systems running Internet Explorer Overview A cross-domain scripting vulnerability in...

10CVSS0.4AI score0.6325EPSS
Exploits1
CVE
CVE
added 2000/03/22 5:0 a.m.48 views

CVE-2000-0156

Technical details (affected products, vulnerable components, and exploit information) are not provided in the supplied documents. Monitor for updates.

5.1CVSS7.2AI score0.12829EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2000/02/16 5:0 a.m.18 views

CVE-2000-0156

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability...

5.1CVSS6.7AI score0.12829EPSS
Exploits0References3
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.14 views

CVE-2024-37790

...

Exploits0
Rows per page
Query Builder