85 matches found
EUVD-2012-5976
Malware in sbrugna...
EUVD-2022-2731
Malicious code in bioql PyPI...
EUVD-2022-3150
Malicious code in bioql PyPI...
EUVD-2022-1896
Malicious code in bioql PyPI...
EUVD-2022-5659
Malicious code in bioql PyPI...
Apache Axis2 1.4.1 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Axis2 v1.4.1 Local File Inclusion', 'Description' = %q This module exploits an Apache Axis2 v1.4.1 local file inclusion (LFI) vulnerability...
Apache Axis2 Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/axis2' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Apache Axis2 Brute Force Utility',...
SUSE CVE-2012-4418
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
Security Bulletin: IBM SPSS Modeler Premium - Text Analytics SSL Spoofing (CVE-2012-5785)
Abstract Last updated on December 11, 2012. When using the Text Analytics Server from the IBM SPSS Modeler Premium product with the SSL option enabled (default is disabled), then an SSL connection can be established without verifying the hostname of the target connection against the name on the SSL...
Security Bulletin: Apache Axis2 related vulnerability for IBM Tivoli Directory Integrator (CVE-2012-5785)
Abstract Apache Axis2 SSL vulnerability for IBM Tivoli Directory Integrator Content VULNERABILITY DETAILS: DESCRIPTION: Axis2 implemented in Java is vulnerable to man-in-the-middle attacks. By extension, all applications using this library to establish SSL connections with the target servers may ...
Security Bulletin: InfoSphere Guardium Data Redaction affected by SSL vulnerability in Apache Axis2 (CVE-2012-5785)
Abstract An SSL vulnerability exists in Apache Axis which is used by InfoSphere Guardium Data Redaction to process HTTPS requests from the Redaction SOAP API. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-5785 DESCRIPTION: Apache Axis2/Java, as used in multiple products, could allow a remote...
Apache Axis2 Vulnerable to XML Signature wrapping attack
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-WWQ7-PXWC-P4RC Apache Axis2 has Improper Input Validation
Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Apache Axis2 has Improper Input Validation
Apache Axis2/Java 1.7.9 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
GHSA-23X8-J7HM-5XWF Improper Neutralization of Input During Web Page Generation in Apache Axis2
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
GHSA-66RX-GQX3-P98M Improper Authentication in Apache Axis2
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
Improper Authentication in Apache Axis2
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...