EUVD-2008-6790

Malware in sbrugna...

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console.

Summary The security issue described in CVE-2024-45087 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

PT-2024-29977 · Etcd +2 · Etcd +2

Name of the Vulnerable Software and Affected Versions: Kamaji versions 1.0.0 and earlier Description: The issue arises from Kamaji using an "open at the top" range definition in RBAC for etcd roles, allowing some TCPs API servers to read, write, and delete the data of other control planes. This c...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable CVEs...

Fedora: Security Advisory for wangle (FEDORA-2023-7934802344)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: wangle-2023.10.16.00-1.fc38

Wangle is a library that makes it easy to build protocols, application client s, and application servers. It's like Netty + Finagle smooshed together, but in C++...

Red Hat wildfly-elytron 安全漏洞

Red Hat wildfly-elytron is the United States Red Hat Red Hat a security framework. It is used to unify security across application servers. A security vulnerability exists in Red Hat wildfly-elytron, which stems from the possibility of timing attacks through the use of insecure comparators...

Zope 安全漏洞

Zope is a set of object-oriented, open source web application servers written in the Python language by the Zope ZOPE community. A security vulnerability exists in Zope that stems from the presence of a remote code execution issue...

Oracle Coherence has an unspecified vulnerability (CNVD-2021-54688)

Oracle Coherence is a JCache-compliant in-memory distributed data grid solution for clustered applications and application servers.Oracle Coherence versions 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 An unspecified vulnerability exists in the Core component. An attacker could exploit...

Sifchain: Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation

Summary: https://sifchain.finance is using Bootstrap framework version 4.0.0 which is =4.0.0 4. Visit https://sifchain.finance/wp-content/themes/icos/assets/js/vendor/bootstrap.min.js?ver=5.7.2 5. You'll get the Bootstrap Version, Which is v4.0.0 and its vulnerable to Cross-site Scripting XSS...

HTTP Authenticated OS Command Injection (CVE-2020-17408; CVE-2020-24916; CVE-2020-25079; CVE-2020-3117; CVE-2020-7049)

A command injection vulnerability exists in web and application servers. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target system...

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

Design/Logic Flaw

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...

CVE-2019-9823

In several JetBrains IntelliJ IDEA versions, creating remote run configurations of JavaEE application servers leads to saving a cleartext record of the server credentials in the IDE configuration files. The issue has been fixed in the following versions: 2018.3.5, 2018.2.8, 2018.1.8...

CVE-2019-9872

CVE-2019-9872 affects JetBrains IntelliJ IDEA Ultimate. When creating run configurations for cloud application servers, credentials could be saved in plaintext in IDE configuration files. If the Settings Repository plugin was used to synchronize settings to a public repository, these credentials ...

CVE-2019-9872

In several versions of JetBrains IntelliJ IDEA Ultimate, creating run configurations for cloud application servers leads to saving a cleartext unencrypted record of the server credentials in the IDE configuration files. If the Settings Repository plugin was then used and configured to synchronize...

CVE-2019-9823

CVE-2019-9823 affects several JetBrains IntelliJ IDEA versions where creating remote run configurations for JavaEE application servers causes a cleartext record of server credentials to be saved in IDE configuration files. The root cause is cleartext storage of credentials within IDEA configurati...

Exploit for CVE-2005-2006

This is an open-source application server attack toolkit called clusterd. It automates the fingerprinting, reconnaissance, and exploitation phases of an application server attack. The toolkit currently supports six different application server platforms, including JBoss, ColdFusion, and WebLogic...