17 matches found

vulnersOsv
added 2020/10/07 5:51 p.m. | 2 views

cn.net.vidyo:dylink-vidyo-ws-sdk (>=2.1.0.16.RELEASE <=3.0.0.3.RELEASE), com.aftia.plugin:aem-build-maven-plugin.core (>=1.2.1 <=1.2.2) +286 more potentially affected by CVE-2012-5784 via org.apache.axis:axis (=1.4)

org.apache.axis:axis MAVEN version =1.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.axis:axis and may be impacted: - cn.net.vidyo:dylink-vidyo-ws-sdk =2.1.0.16.RELEASE, =1.2.1, =1.0.0, =1.4-build003, =0.9.1, =0.0.3.M1, =0.0.3.M1,...

CVSS 5.8 | AI score 6.8 | EPSS 0.01566
Exploits: 1

Tenable Nessus
added 2020/07/16 12:0 a.m. | 51 views

Oracle WebCenter Portal Multiple Vulnerabilities (Jul 2020 CPU)

Binary data oraclewebcenterportalcpujul2020.nbin...

CVSS 9.8 | AI score 8 | EPSS 0.89966
Exploits: 7 | References: 7

Tenable Nessus
added 2020/01/30 12:0 a.m. | 81 views

Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)

According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to 17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to 19.12.0.1. It is, therefore, affected by...

CVSS 9.8 | AI score 7 | EPSS 0.89966
Exploits: 8 | References: 10

Tenable Nessus
added 2020/01/17 12:0 a.m. | 116 views

Oracle Tuxedo Remote Code Execution Vulnerability (Jan 2020 CPU)

The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by a remote code execution vulnerability due to a Server Side Request Forgery (SSRF) vulnerability found in the Apache Axis 1.4 distribution used in the TX SALT component. %NASLMINLEVEL...

CVSS 7.5 | AI score 7.6 | EPSS 0.89966
Exploits: 7 | References: 2

Github Security Blog
added 2019/05/14 4:2 a.m. | 652 views

Server Side Request Forgery in Apache Axis

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5 | AI score 3.9 | EPSS 0.89966
Exploits: 7 | References: 17 | Affected Software: 2

OSV
added 2019/05/14 4:2 a.m. | 0 views

GHSA-H9GJ-RQRW-X4FQ Server Side Request Forgery in Apache Axis

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5 | AI score 6.8 | EPSS 0.89966
Exploits: 7 | References: 16

OSV
added 2019/05/01 9:29 p.m. | 3 views

DEBIAN-CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5 | AI score 9.2 | EPSS 0.89966
Exploits: 7 | References: 1

NVD
added 2019/05/01 9:29 p.m. | 28 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5 | AI score 8.5 | EPSS 0.89966
Exploits: 7 | References: 13

Prion
added 2019/05/01 9:29 p.m. | 58 views

Server side request forgery (ssrf)

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 5.4 | AI score 8.3 | EPSS 0.89966
Exploits: 7 | References: 12 | Affected Software: 37

Debian CVE
added 2019/05/01 8:3 p.m. | 54 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 7.5 | AI score 6.4 | EPSS 0.89966
Exploits: 7

RedhatCVE
added 2019/04/11 8:59 a.m. | 165 views

CVE-2019-0227

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...

CVSS 8 | AI score 3.8 | EPSS 0.89966
Exploits: 7 | References: 4

Exploit DB
added 2019/04/09 12:0 a.m. | 178 views

Apache Axis 1.4 - Remote Code Execution

Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis Author: David Yesland @daveysec, Rhino...

CVSS 7.5 | AI score 8.5 | EPSS 0.89966
Exploits: 7

Veracode
added 2019/01/15 9:0 a.m. | 28 views

Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

CVSS 5.8 | AI score 7.7 | EPSS 0.01566
Exploits: 1 | References: 18 | Affected Software: 1

myhack58
added 2017/05/31 12:0 a.m. | 301 views

Oracle Human Resources Management System PeopleSoft unauthorized remote code execution vulnerability parsing-vulnerability warning-the black bar safety net

! A few months ago, I had the privilege of participating in several of Oracle's PeopleSoft construction project Safety Audit, the audit object mainly for the PeopleSoft series of Human Resources Management System, HRMS, and development tools package PeopleTool it. Throughout the online on the...

CVSS 6.4 | AI score 0.1 | EPSS 0.4916
Exploits: 9

UbuntuCve
added 2014/08/27 12:55 a.m. | 27 views

CVE-2014-3596

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...

CVSS 5.8 | AI score 6.9 | EPSS 0.01182
Exploits: 0 | References: 2

CVE
added 2014/08/27 12:0 a.m. | 186 views

CVE-2014-3596

CVE-2014-3596 affects Apache Axis 1.4 and earlier. The getCN function fails to properly verify that the server hostname matches a domain name in the certificate’s CN or subjectAltName, enabling a man-in-the-middle to spoof SSL servers using a crafted certificate. Public advisories confirm this is...

CVSS 5.8 | AI score 6.3 | EPSS 0.01182
Exploits: 0 | References: 16 | Affected Software: 1

NVD
added 2012/11/04 10:55 p.m. | 17 views

CVE-2012-5784

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or...

CVSS 5.8 | AI score 8.3 | EPSS 0.01566
Exploits: 1 | References: 14