
9873 matches found

NVD
added 2013/11/18 5:23 a.m., 26 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...

CVSS 3.5, AI score 6.2, EPSS 0.01457
Exploits 0, References 3
NVD
added 2013/11/18 5:23 a.m., 23 views

CVE-2013-5418

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVSS 3.5, AI score 5, EPSS 0.01449
Exploits 0, References 4
Prion
added 2013/11/18 5:23 a.m., 21 views

Design/Logic Flaw

IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations...

CVSS 4.3, AI score 6, EPSS 0.01313
Exploits 0, References 3, Affected Software 1
CVE
added 2013/11/16 3:0 p.m., 72 views

CVE-2013-5414

CVE-2013-5414 affects IBM WebSphere Application Server (versions 8.5, 8.0, 7) where the migration from 6.1+ can leave adminsecmanager users with elevated privileges due to incorrect assignment of admin/adminsecmanager roles. Consequence: existing users could gain privileges post-migration. remedi...

CVSS 3.5, AI score 8.9, EPSS 0.01457
Exploits 0, References 3, Affected Software 1
CVE
added 2013/11/16 3:0 p.m., 63 views

CVE-2013-4006

CVE-2013-4006 affects IBM WebSphere Application Server Liberty Profile 8.5 (before 8.5.5.1). The vulnerability is due to insecure permissions on files created by the Liberty server, enabling a local attacker to obtain sensitive information via normal filesystem operations. A fix is to apply IBM F...

CVSS 4.3, AI score 8.2, EPSS 0.01313
Exploits 0, References 3, Affected Software 1
Cvelist
added 2013/11/16 3:0 p.m., 33 views

CVE-2013-5414

The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...

AI score 6.2, EPSS 0.01457
Exploits 0, References 3
CVE
added 2013/11/16 3:0 p.m., 62 views

CVE-2013-5418

CVE-2013-5418 is an IBM WebSphere Application Server administrative console cross-site scripting (XSS) vulnerability that could allow a remote attacker, via a crafted URL, to inject script in the victim’s browser. The initial description states affected versions as: WebSphere Application Server 7...

CVSS 3.5, AI score 7, EPSS 0.01449
Exploits 0, References 4, Affected Software 1
CVE
added 2013/11/16 3:0 p.m., 77 views

CVE-2013-5417

CVE-2013-5417 is an XSS in IBM WebSphere Application Server: remote injection via HTTP response data. Affected: WAS 7.0 up to 7.0.0.31, WAS 8.0 up to 8.0.0.8, WAS 8.5 up to 8.5.5.1. Remediation per IBM advisories: apply corresponding Fix Pack/PTF amounts (7.0.0.31 for WAS 7; 8.0.0.8 for WAS 8.0; ...

CVSS 4.3, AI score 7.5, EPSS 0.01832
Exploits 0, References 5, Affected Software 1
Metasploit
added 2013/10/21 8:11 p.m., 232 views

Sun/Oracle GlassFish Server Authenticated Code Execution

This module logs in to a GlassFish Server Open Source or Commercial using various methods such as authentication bypass, default credentials, or user-supplied login, and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java...

CVSS 10, AI score 0.7, EPSS 0.60878
Exploits 6
RedHat Linux
added 2013/10/17 5:17 p.m., 42 views

Important: Red Hat Security Advisory: commons-fileupload security update

An update for the commons-fileupload component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss SOA Platform 4.3.0.GACP05 and 5.3.1 GA. The Red Hat Security Response Team has rated this update as having important security impact. A Common...

CVSS 7.5, AI score 6.8, EPSS 0.12768
Exploits 0, References 4
Symantec
added 2013/10/08 12:0 a.m., 38 views

Microsoft Windows Kernel 'dxgkrnl.sys' CVE-2013-3888 Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that is related to DirectX Graphics Kernel Subsystem. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of...

CVSS 7.2, AI score 1.4, EPSS 0.01033
Exploits 0, References 1, Affected Software 5
Symantec
added 2013/10/08 12:0 a.m., 30 views

Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3881 Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...

CVSS 7.2, AI score 1.9, EPSS 0.14835
Exploits 7, References 1, Affected Software 3
Symantec
added 2013/10/08 12:0 a.m., 47 views

Microsoft Windows App Container CVE-2013-3880 Local Information Disclosure Vulnerability

Description: Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit these issues to disclose sensitive information on the affected system. This information may be used in further attacks. Technologies Affected: Avaya Aura Conferencing Standard, Avaya...

CVSS 3.5, AI score 0.4, EPSS 0.14107
Exploits 0, References 1, Affected Software 3
Symantec
added 2013/10/08 12:0 a.m., 42 views

Microsoft .NET Framework CVE-2013-3860 Remote Denial of Service Vulnerability

Description: Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected: Avaya Aura Conferencing Standard, Avaya CallPilot, Avaya...

CVSS 7.8, AI score 0.8, EPSS 0.31646
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2013/09/27 12:0 a.m., 26 views

Adobe JRun Detection

The remote host has Adobe JRun installed. JRun is an application server for Java applications. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(70175); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/06"); script_name(english:"Adobe...

AI score 5.5
Exploits 0, References 1
NVD
added 2013/09/20 9:55 p.m., 20 views

CVE-2013-4052

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.4, EPSS 0.01812
Exploits 0, References 3
Prion
added 2013/09/20 9:55 p.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.9, EPSS 0.01812
Exploits 0, References 3, Affected Software 1
Prion
added 2013/09/20 9:55 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 5.9, EPSS 0.01812
Exploits 0, References 3, Affected Software 1
CVE
added 2013/09/20 9:0 p.m., 68 views

CVE-2013-4052

CVE-2013-4052 is an XSS vulnerability in the UDDI Administrative console of IBM WebSphere Application Server. The issue affects WAS versions 6.1 (before 6.1.0.47), 7.0 (before 7.0.0.31), 8.0 (before 8.0.0.8), and 8.5 (before 8.5.5.1). IBM Security Bulletins document multiple APARs under the same ...

CVSS 4.3, AI score 7.3, EPSS 0.01812
Exploits 0, References 3, Affected Software 1
CVE
added 2013/09/20 9:0 p.m., 61 views

CVE-2013-0596

CVE-2013-0596 is an XSS vulnerability in the IBM WebSphere Application Server 6.1 Administrative Console (pre-6.1.0.47). A remote attacker could inject script/HTML via unspecified vectors. IBM’s security bulletin PM73445 lists affected versions and states the remediation is to apply Fix Pack 47 (...

CVSS 4.3, AI score 7.3, EPSS 0.01812
Exploits 0, References 3, Affected Software 1