IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...
Adobe Patches DoS Flaw in ColdFusion 10
Adobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ColdFusion is Adobe’s platform and application server used by developers to build Web applications. The security hotfix is for ColdFusion 10 Update 1 and above for the Windows operating...
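IBM WebSphere Application Server Remote Privilege Escalation Vulnerability (CVE-2012-4850)
Bugtraq ID: 56460 CVE ID: CVE-2012-4850 IBM WebSphere Application Server (WAS) is an application server developed and distributed by IBM in accordance with open standards such as Java EE, XML and Web Services. In IBM WebSphere Application Server 8.5 Liberty Profile versions before 8.5.0.1, when JAX-RS is used, requests are not properly validated, which allows remote attackers to exploit the vulnerability to gain elevated privileges. IBM WebSphere Application Server 8.5 users can refer to the following vendor-provided security advisory for patch information:...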
CVE-2012-4850
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure...
CVE-2012-3330
CVE-2012-3330 affects IBM WebSphere Application Server and WebSphere Virtual Enterprise. The DoS arises from an error in the proxy server component: a crafted request can cause a daemon outage. Affected versions include WebSphere Application Server 7.0 prior to 7.0.0.27, 8.0 prior to 8.0.0.5...
CVE-2012-3330
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request...
CVE-2012-4851
CVE-2012-4851 affects IBM WebSphere Application Server Liberty Profile (8.5) with versions before 8.5.0.1. The issue is a cross-site scripting (XSS) vulnerability that lets remote attackers inject arbitrary web script or HTML via a crafted URI. The related connected IBM bulletin entries describe ...
CVE-2012-4850
CVE-2012-4850 – IBM WebSphere Application Server Liberty Profile : In versions before 8.5.0.1, when using JAX-RS, requests are not properly validated, allowing remote attackers to gain elevated privileges. The issue is documented in the IBM WebSphere security bulletin and linked advisories, with ...
Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability that affects the kernel. To exploit this issue, an attacker may entice an unsuspecting user into visiting a malicious webpage. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges...
Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to the sensitive information. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilo...
Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability
Description The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security (CAS) restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...
Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...
Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability
Description Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security (CAS) restrictions and gain elevated privileges. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0...
Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability
Description Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...
Cisco patch serious Vulnerability in Data Center Network Manager
Cisco Prime DCNM is a management tool for your storage and Ethernet networks. It provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of present and future virtualized data centers. According to an advisory released, Cisco Pri...
IBM Rational ClearQuest Multiple Script Information Disclosure
The remote install of IBM WebSphere Application Server contains one or more testing and debugging scripts as well as sample applications, likely resulting from a deployment of IBM Rational ClearQuest. These scripts provide information such as system paths and versions, which may aid an attacker...