Microsoft Windows 'Win32k.sys' CVE-2013-1258 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0, Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1248 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0, Avaya...
Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
Description: The Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. Successful exploits may allow an attacker to execute arbitrary code with elevated privileges; this may result in the attacker gaining complete control of the affected system. Technologies Affected...
Microsoft Windows 'Win32k.sys' CVE-2013-1275 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0, Avaya...
Microsoft Windows 'Win32k.sys' CVE-2013-1273 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0, Avaya...
Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution Vulnerability
Description: Microsoft Windows Object Linking and Embedding (OLE) Automation is prone to a remote code-execution vulnerability due to an integer overflow error. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage or a specially crafted file. Successful...
Microsoft Windows 'Win32k.sys' CVE-2013-1265 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges and to read arbitrary amounts of kernel memory. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0, Avaya...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0 CP10 security update
An update for JBoss Enterprise Application Platform 4.3.0 CP10 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, whi...
Moderate: Red Hat Security Advisory: rhevm 3.1.2 security and bug fix update
Updated rhevm packages that fix two security issues and various bugs are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
CVE-2013-0458
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers to inject arbitrary web script or HTML via...
CVE-2013-0461
Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecifi...
CVE-2013-0460
Cross-site request forgery (CSRF) vulnerability in the portlet subsystem in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 and 7.0 before 7.0.0.27 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site...
CVE-2013-0462
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors...
CVE-2013-0459
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-0458
CVE-2013-0458 is an XSS in IBM WebSphere Application Server Administrative Console when login security is disabled. Affected products/versions: WAS 6.1 prior to 6.1.0.47, WAS 7.0 prior to 7.0.0.27, WAS 8.0 prior to 8.0.0.6, and WAS 8.5 prior to 8.5.0.2. Remediation per IBM advisories PM71139/PM71...
CVE-2013-0460
CVE-2013-0460: IBM WebSphere Application Server contains a CSRF vulnerability in the portlet-based administrative console. An attacker could hijack user authentication and inject XSS sequences via requests to vulnerable portlets in WAS 6.1 up to 6.1.0.46 and 7.0 up to 7.0.0.26. Root cause: improp...
CVE-2013-0459
CVE-2013-0459 is an XSS vulnerability in the IBM WebSphere Application Server administrative console. The flaw allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Affected versions include WAS 6.1 prior to 6.1.0.47, WAS 7.0 prior to 7.0.0.27, WAS 8.0 prior to 8.0.0.6,...
CVE-2013-0461
CVE-2013-0461 is an XSS in WebSphere Application Server's Virtual Member Manager (VMM) Administrative Console. Root cause: improper input validation in the administrative console, allowing a remote attacker to inject script via an error message. Affected versions (per IBM/DOC): WAS 6.1.0.46 and e...