IBM WebSphere Application Server 8.0 < Fix Pack 7 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 7 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities: - A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. CVE-2012-2098 /...
CVE-2013-2967
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-2976
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert...
Information disclosure
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-2976
The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors...
CVE-2013-4005
CVE-2013-4005 is an IBM WebSphere Application Server cross-site scripting (XSS) vulnerability in the Administrative Console caused by improper validation of input. A remote authenticated attacker could inject script via unspecified fields. Affected WAS versions include 6.1 (6.1.0.45 and earlier),...
CVE-2013-4005
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified fields...
CVE-2013-2976
CVE-2013-2976: IBM WebSphere Application Server’s Administrative Console caches data in a way that lets local users obtain sensitive information. Affected versions include WAS 6.1, 7.0, and 8.x (including 8.0/8.5). The issue is a local information-disclosure via caching; no exploit vectors are s...
CVE-2013-4004
CVE-2013-4004 — IBM WebSphere Application Server XSS in Admin Console Issue: Cross-site scripting (XSS) in the Administrative Console of IBM WebSphere Application Server. Remote authenticated users can inject script/HTML via unspecified vectors. Affected versions (per initial description): IBM We...
CVE-2013-4213
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...
Microsoft Windows Uniscribe Font Parsing CVE-2013-3181 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability when handling crafted font data. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file or webpage. A successful exploit may allow arbitrary code to run in the context of the...
Microsoft Internet Explorer CVE-2013-3187 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 9 and 10 are...
Microsoft Internet Explorer CVE-2013-3184 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 7, 8, 9, and 10 are...
Microsoft Windows Kernel CVE-2013-3198 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...
Microsoft Internet Explorer CVE-2013-3199 Use After Free Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a use-after-free memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 6, 7...
Microsoft Internet Explorer CVE-2013-3186 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with elevated privileges. Technologies Affected Avaya Aura Conferencing Standard Avaya CallPilot...
Microsoft Internet Explorer CVE-2013-3189 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 8 and 9 are affecte...
Microsoft Windows Kernel CVE-2013-3196 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...
Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied...