Lucene search
+L

5044 matches found

CVE
CVE
added 2010/11/09 8:0 p.m.64 views

CVE-2010-4220

IBM WebSphere Application Server 7.x is vulnerable to a cross-site scripting (XSS) issue in the Integrated Solution Console and Administrative Console. The vulnerability, CVE-2010-4220, arises from improper input filtering (related to URL injection) and affects WAS 7.0 before 7.0.0.13. Remote att...

4.3CVSS5.7AI score0.01656EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2010/11/09 8:0 p.m.32 views

CVE-2010-0783

Cross-site scripting XSS vulnerability in the Administrative Console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.5AI score0.01965EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2010/09/29 12:0 a.m.30 views

IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability

The host is running IBM WebSphere Application Server and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: secpodibmwastimestampunspecifiedvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ IBM WebSphere Application Server WS-Security Policy Unspecified vulnerability Authors: Antu...

10CVSS1.1AI score0.02605EPSS
Exploits0References3
Prion
Prion
added 2010/09/21 8:0 p.m.22 views

Code injection

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service CPU consumption via a crafted URL...

4CVSS6.4AI score0.01754EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2010/06/24 5:0 p.m.61 views

CVE-2010-0779

CVE-2010-0779 is an XSS vulnerability in IBM WebSphere Application Server (WAS) with affected versions: 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11. The issue is described as a cross-site scripting flaw in the Administration Console that allows remote attackers to inject arb...

4.3CVSS5.6AI score0.01261EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2010/06/18 6:30 p.m.26 views

CVE-2010-2327

modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...

4.3CVSS6.4AI score0.01226EPSS
Exploits1References5
Prion
Prion
added 2010/06/18 6:30 p.m.19 views

Design/Logic Flaw

modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...

4.3CVSS6.9AI score0.01226EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2010/06/18 6:30 p.m.20 views

Design/Logic Flaw

The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...

5CVSS6.9AI score0.01105EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2010/06/18 6:0 p.m.63 views

CVE-2010-2326

CVE-2010-2326 affects IBM WebSphere Application Server 7.0 prior to 7.0.0.11. When addNode -trace is used during node federation, an attacker can read addNode.log to obtain sensitive information about CIMMetadataCollectorImpl trace actions. Root cause is information disclosure via debugging/loggi...

4.3CVSS5.8AI score0.01086EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2010/06/18 6:0 p.m.35 views

CVE-2010-2324

IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...

6.4AI score0.01164EPSS
Exploits0References4
Cvelist
Cvelist
added 2010/06/18 6:0 p.m.31 views

CVE-2010-2326

IBM WebSphere Application Server WAS 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...

5.7AI score0.01086EPSS
Exploits1References6
Cvelist
Cvelist
added 2010/06/18 6:0 p.m.32 views

CVE-2010-2327

modibmssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server WAS on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...

6.4AI score0.01226EPSS
Exploits1References5
Cvelist
Cvelist
added 2010/06/18 6:0 p.m.27 views

CVE-2010-2328

The HTTP Channel in IBM WebSphere Application Server WAS 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service NullPointerException via a large amount of chunked data that uses gzip compression...

6.4AI score0.01105EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/06/10 12:0 a.m.27 views

IBM WebSphere Application Server 'addNode.log' Information Disclosure Vulnerability

IBM WebSphere Application Server WAS is prone to an information- disclosure vulnerability. A local authenticated attacker can exploit this issue to gain access to sensitive information; this may aid in further attacks. Versions prior to WAS 7.0.0.11 are vulnerable. OpenVAS Vulnerability Test $Id:...

4.3CVSS6.3AI score0.01086EPSS
Exploits1References4
Prion
Prion
added 2010/05/27 7:0 p.m.24 views

Cross site scripting

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS6.3AI score0.02118EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2010/05/27 7:0 p.m.18 views

Cross site scripting

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

4.3CVSS6AI score0.01502EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2010/05/27 6:32 p.m.274 views

CVE-2010-2087

CVE-2010-2087: Oracle Mojarra 1.2_14 and 2.0.2 (as used in IBM WebSphere Application Server, Caucho Resin, and other apps) fails to properly protect an unencrypted view state. This enables remote attackers to perform cross-site scripting (XSS) or execute arbitrary Expression Language (EL) stateme...

4.3CVSS6AI score0.01502EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.38 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

5.9AI score0.02118EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2010/05/21 12:0 a.m.31 views

IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability

IBM WebSphere Application Server WAS is prone to an information- disclosure vulnerability. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. This issue affects WAS 6.0, 6.1, and 7.0. OpenVAS Vulnerability Test $Id: gbibmwebsphere40277.nas...

5CVSS6.1AI score0.01881EPSS
Exploits4References4
NVD
NVD
added 2010/05/17 10:30 p.m.30 views

CVE-2010-0774

The 1 JAX-RPC WS-Security 1.0 and 2 JAX-WS runtime implementations in IBM WebSphere Application Server WAS 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 do not properly handle WebServices PKCS7 and PKIPath tokens, which allows remote attackers to bypass intended access...

4.3CVSS6.4AI score0.01742EPSS
Exploits1References2
Rows per page
Query Builder