CVE-2013-5414
The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...
CVE-2013-5418
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations...
CVE-2013-5414
CVE-2013-5414 affects IBM WebSphere Application Server (versions 8.5, 8.0, 7) where the migration from 6.1+ can leave adminsecmanager users with elevated privileges due to incorrect assignment of admin/adminsecmanager roles. Consequence: existing users could gain privileges post-migration. remedi...
CVE-2013-4006
CVE-2013-4006 affects IBM WebSphere Application Server Liberty Profile 8.5 (before 8.5.5.1). The vulnerability is due to insecure permissions on files created by the Liberty server, enabling a local attacker to obtain sensitive information via normal filesystem operations. A fix is to apply IBM F...
CVE-2013-5418
CVE-2013-5418 is an IBM WebSphere Application Server administrative console cross-site scripting (XSS) vulnerability that could allow a remote attacker, via a crafted URL, to inject script in the victim’s browser. The initial description states affected versions as: WebSphere Application Server 7...
CVE-2013-5417
CVE-2013-5417 is an XSS in IBM WebSphere Application Server: remote injection via HTTP response data. Affected: WAS 7.0 up to 7.0.0.31, WAS 8.0 up to 8.0.0.8, WAS 8.5 up to 8.5.5.1. Remediation per IBM advisories: apply corresponding Fix Pack/PTF amounts (7.0.0.31 for WAS 7; 8.0.0.8 for WAS 8.0; ...
Sun/Oracle GlassFish Server Authenticated Code Execution
This module logs in to a GlassFish Server (Open Source or Commercial) using various methods such as authentication bypass, default credentials, or user-supplied login, and deploys a malicious war file in order to get remote code execution. It has been tested on Glassfish 2.x, 3.0, 4.0 and Sun Java...
Important: Red Hat Security Advisory: commons-fileupload security update
An update for the commons-fileupload component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss SOA Platform 4.3.0.GACP05 and 5.3.1 GA. The Red Hat Security Response Team has rated this update as having important security impact. A Common...
Microsoft Windows Kernel 'dxgkrnl.sys' CVE-2013-3888 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that is related to DirectX Graphics Kernel Subsystem. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of...
Microsoft Windows Kernel 'Win32k.sys' CVE-2013-3881 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of the affected...
Microsoft Windows App Container CVE-2013-3880 Local Information Disclosure Vulnerability
Description: Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit these issues to disclose sensitive information on the affected system. This information may be used in further attacks. Technologies Affected: Avaya Aura Conferencing Standard Avaya...
Microsoft .NET Framework CVE-2013-3860 Remote Denial of Service Vulnerability
Description: Microsoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application to crash or become unresponsive, denying service to legitimate users. Technologies Affected: Avaya Aura Conferencing Standard Avaya CallPilot Avaya...
Adobe JRun Detection
The remote host has Adobe JRun installed. JRun is an application server for Java applications. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(70175); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/06"); script_name(english:"Adobe...
CVE-2013-4052
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4052
CVE-2013-4052 is an XSS vulnerability in the UDDI Administrative console of IBM WebSphere Application Server. The issue affects WAS versions 6.1 (before 6.1.0.47), 7.0 (before 7.0.0.31), 8.0 (before 8.0.0.8), and 8.5 (before 8.5.5.1). IBM Security Bulletins document multiple APARs under the same ...
CVE-2013-0596
CVE-2013-0596 is an XSS vulnerability in the IBM WebSphere Application Server 6.1 Administrative Console (pre-6.1.0.47). A remote attacker could inject script/HTML via unspecified vectors. IBM’s security bulletin PM73445 lists affected versions and states the remediation is to apply Fix Pack 47 (...