Lucene search
+L

5044 matches found

exploitpack
exploitpack
added 2009/02/26 12:0 a.m.9 views

IBM Websphere Application Server 6.17.0 - Administrative Console Cross-Site Scripting

IBM Websphere Application Server 6.17.0 - Administrative Console Cross-Site Scripting source: https://www.securityfocus.com/bid/34001/info IBM WebSphere Application Server WAS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker m...

6.8AI score
Exploits0
CVE
CVE
added 2009/02/17 5:0 p.m.50 views

CVE-2009-0504

The CVE-2009-0504 issue affects IBM WebSphere Application Server 7.0.x (Web Services/WSPolicy). Before version 7.0.0.1, WSPolicy does not correctly recognize IDAssertion.isUsed, enabling local users to read a SOAP message and discover a password. The NVD entry notes a LOW impact with LOCAL access...

2.1CVSS6.4AI score0.00347EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2009/02/10 10:30 p.m.21 views

Information disclosure

The Installation Factory installation process for IBM WebSphere Application Server WAS 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file...

1.9CVSS6.1AI score0.00274EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2009/02/10 10:30 p.m.23 views

CVE-2009-0432

The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors...

5CVSS6AI score0.01898EPSS
Exploits0References4
Prion
Prion
added 2009/02/10 10:30 p.m.19 views

Code injection

The 1 modibmssl and 2 modcgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server WAS, set incorrect permissions for AFUNIX sockets, which has unknown impact and local attack vectors...

7.2CVSS6.7AI score0.00372EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2009/02/10 10:13 p.m.27 views

CVE-2009-0435

Unspecified vulnerability in the IBM Asynchronous I/O aka AIO or libibmaio library in the Java Message Service JMS component in IBM WebSphere Application Server WAS 6.1.x before 6.1.0.17 on AIX 5.3 allows attackers to cause a denial of service daemon crash via vectors related to the aiogetioev2 a...

6.3AI score0.01674EPSS
Exploits0References4
CVE
CVE
added 2009/02/10 10:13 p.m.55 views

CVE-2009-0436

CVE-2009-0436 affects IBM HTTP Server integrated with WebSphere (was 6.0.x prior to 6.0.2.31; 6.1.x prior to 6.1.0.19). The mod_ibm_ssl and mod_cgid modules set incorrect permissions on AF_UNIX sockets. Impact is described as unknown and local access vectors are indicated; no public exploit detai...

7.2CVSS6.4AI score0.00372EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2009/02/10 10:13 p.m.60 views

CVE-2009-0435

IBM WebSphere Application Server 6.1.x on AIX 5.3 is affected by a denial-of-service vulnerability in the IBM JMS AIO/libibmaio library (aio_getioev2 and getEvent). The issue exists in WAS 6.1.x before 6.1.0.17 and can cause a daemon crash. Remediation: upgrade to WAS 6.1.0.17 or later Fix Pack t...

5CVSS6.5AI score0.01674EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2009/02/02 10:30 p.m.17 views

Code injection

Unspecified vulnerability in IBM WebSphere Application Server WAS 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors...

7.8CVSS6.8AI score0.01406EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2008/12/10 12:30 a.m.18 views

Security feature bypass

Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server WAS 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."...

10CVSS6.5AI score0.02266EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/09/17 12:0 a.m.20 views

IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability

Binary data 4685.prm...

10CVSS7.3AI score0.03302EPSS
Exploits0References11
NVD
NVD
added 2008/07/21 4:41 p.m.22 views

CVE-2008-3236

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...

5CVSS5.7AI score0.01305EPSS
Exploits0References8
Prion
Prion
added 2008/07/21 4:41 p.m.19 views

Information disclosure

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...

5CVSS6.2AI score0.01305EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2008/07/21 4:41 p.m.18 views

CVE-2008-3235

Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 has unknown impact and attack vectors...

10CVSS6.4AI score0.01769EPSS
Exploits0References6
Cvelist
Cvelist
added 2008/07/21 4:0 p.m.28 views

CVE-2008-3236

Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server WAS 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted...

5.7AI score0.01305EPSS
Exploits0References8
CVE
CVE
added 2008/07/21 4:0 p.m.58 views

CVE-2008-3236

The vulnerability CVE-2008-3236 affects IBM WebSphere Application Server (WAS) 5.1 and earlier, in the Wsadmin within the System Management/Repository component. The root cause is that previously encrypted properties were not actually encrypted, enabling an attacker to obtain sensitive informatio...

5CVSS5.7AI score0.01305EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2008/06/04 8:0 p.m.58 views

CVE-2008-2550

IBM WebSphere Application Server 6.1 prior to 6.1.0.17 is affected by a vulnerability in the Web Services Security SOAP header attribute, with unspecified impact and attack vectors. The issue is associated with CVE-2008-2550. Public references note the vulnerability exists in WAS 6.1 before Fix P...

5CVSS6.2AI score0.01639EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2008/02/13 12:0 a.m.26 views

CVE-2008-0741

Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server WAS before 6.0.2 Fix Pack 25 6.0.2.25 has unknown impact and attack vectors...

6.4AI score0.01769EPSS
Exploits0References6
NVD
NVD
added 2007/11/14 1:46 a.m.35 views

CVE-2007-5944

Cross-site scripting XSS vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server WAS 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

4.3CVSS5.3AI score0.01786EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2007/11/07 12:0 a.m.27 views

IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities

The version of IBM WebSphere Application installed on the remote host fails to sanitize input to the 'keyField', 'nameField', 'valueField', and 'frameReturn' parameters of the 'uddigui/navigateTree.do' script before using it to generate dynamic content. An unauthenticated remote attacker may be...

4.3CVSS5.7AI score0.01263EPSS
Exploits0References3
Rows per page
Query Builder