9873 matches found

Tenable Nessus
added 2012/11/20 12:0 a.m., 53 views

IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities:
- An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...

CVSS 7.5, AI score 8.2, EPSS 0.0388
Exploits 5, References 23

ThreatPost
added 2012/11/19 7:53 p.m., 7 views

Adobe Patches DoS Flaw in ColdFusion 10

Adobe has addressed a denial-of-service vulnerability in the ColdFusion platform and an update is available. ColdFusion is Adobe’s platform and application server used by developers to build Web applications. The security hotfix is for ColdFusion 10 Update 1 and above for the Windows operating...

AI score 1.4
Exploits 0, References 5

seebug.org
added 2012/11/19 12:0 a.m., 38 views

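IBM WebSphere Application Server Remote Privilege Escalation Vulnerability (CVE-2012-4850)

Bugtraq ID: 56460 CVE ID: CVE-2012-4850 IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards such as Java EE, XML and Web Services. IBM WebSphere Application Server 8.5 Liberty Profile versions before 8.5.0.1, when JAX-RS is used, do not properly validate requests, which allows remote attackers to exploit the vulnerability to gain elevated privileges. 0 IBM WebSphere Application Server 8.5 Users can refer to the following vendor security bulletin for patch information:...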

CVSS 7.5, AI score 9.3, EPSS 0.02409
Exploits 1

NVD
added 2012/11/14 12:30 p.m., 17 views

CVE-2012-4850

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors...

CVSS 7.5, AI score 6.7, EPSS 0.02409
Exploits 1, References 4

Prion
added 2012/11/14 12:30 p.m., 19 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger information disclosure...

CVSS 6.8, AI score 7.1, EPSS 0.01006
Exploits 0, References 4, Affected Software 1

CVE
added 2012/11/14 11:0 a.m., 80 views

CVE-2012-3330

CVE-2012-3330 affects IBM WebSphere Application Server and WebSphere Virtual Enterprise. The DoS arises from an error in the proxy server component: a crafted request can cause a daemon outage. Affected versions include WebSphere Application Server 7.0 prior to 7.0.0.27, 8.0 prior to 8.0.0.5...

CVSS 5, AI score 8.7, EPSS 0.02401
Exploits 0, References 3, Affected Software 1

Cvelist
added 2012/11/14 11:0 a.m., 21 views

CVE-2012-4850

IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors...

AI score 6.6, EPSS 0.02409
Exploits 1, References 4

Cvelist
added 2012/11/14 11:0 a.m., 21 views

CVE-2012-3330

The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request...

AI score 6.1, EPSS 0.02401
Exploits 0, References 3

CVE
added 2012/11/14 11:0 a.m., 70 views

CVE-2012-4851

CVE-2012-4851 affects IBM WebSphere Application Server Liberty Profile (8.5) with versions before 8.5.0.1. The issue is a cross-site scripting (XSS) vulnerability that lets remote attackers inject arbitrary web script or HTML via a crafted URI. The related connected IBM bulletin entries describe ...

CVSS 4.3, AI score 7.3, EPSS 0.01832
Exploits 0, References 4, Affected Software 1

CVE
added 2012/11/14 11:0 a.m., 71 views

CVE-2012-4850

CVE-2012-4850 – IBM WebSphere Application Server Liberty Profile: In versions before 8.5.0.1, when using JAX-RS, requests are not properly validated, allowing remote attackers to gain elevated privileges. The issue is documented in the IBM WebSphere security bulletin and linked advisories, with ...

CVSS 7.5, AI score 9.3, EPSS 0.02409
Exploits 1, References 4, Affected Software 1

Symantec
added 2012/11/13 12:0 a.m., 15 views

Microsoft Windows Kernel 'Win32k.sys' TrueType Font Parsing Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects the kernel. To exploit this issue, an attacker may entice an unsuspecting user into visiting a malicious webpage. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges...

AI score 0.2
Exploits 0, References 1, Affected Software 15

Symantec
added 2012/11/13 12:0 a.m., 43 views

Microsoft Windows Kernel 'Win32k.sys' CVE-2012-2553 Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...

CVSS 7.2, AI score 0.6, EPSS 0.0175
Exploits 1, Affected Software 13

Symantec
added 2012/11/13 12:0 a.m., 35 views

Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability

Description: Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the application and obtain unauthorized access to sensitive information. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilo...

CVSS 9.3, AI score 0.2, EPSS 0.24755
Exploits 1, Affected Software 9

Symantec
added 2012/11/13 12:0 a.m., 40 views

Microsoft .NET Framework CVE-2012-1896 Information Disclosure Vulnerability

Description: The Microsoft .NET Framework is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to bypass certain Code Access Security (CAS) restrictions and obtain sensitive information from the target system that may aid in further attacks. Technologies Affect...

CVSS 5, AI score 0.2, EPSS 0.23666
Exploits 0, Affected Software 9

Symantec
added 2012/11/13 12:0 a.m., 39 views

Microsoft Windows Briefcase CVE-2012-1528 Integer Overflow Remote Code Execution Vulnerability

Description: Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...

CVSS 9.3, AI score 0.7, EPSS 0.18163
Exploits 0, Affected Software 13

Symantec
added 2012/11/13 12:0 a.m., 50 views

Microsoft .NET Framework CVE-2012-2519 DLL Loading Arbitrary Code Execution Vulnerability

Description: Microsoft .NET Framework is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic...

CVSS 7.9, AI score 0.6, EPSS 0.03217
Exploits 1, References 3, Affected Software 9

Symantec
added 2012/11/13 12:0 a.m., 37 views

Microsoft .NET Framework CVE-2012-1895 Security Bypass Vulnerability

Description: Microsoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this vulnerability to bypass certain Code Access Security (CAS) restrictions and gain elevated privileges. Technologies Affected: Avaya CallPilot 4.0, Avaya CallPilot 4.0.1, Avaya CallPilot 5.0...

CVSS 9.3, AI score 0.3, EPSS 0.226
Exploits 0, Affected Software 9

Symantec
added 2012/11/13 12:0 a.m., 37 views

Microsoft Windows Briefcase CVE-2012-1527 Integer Underflow Remote Code Execution Vulnerability

Description: Microsoft Windows Briefcase is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition. Technologies...

CVSS 9.3, AI score 0.7, EPSS 0.18163
Exploits 0, Affected Software 13

The Hacker News
added 2012/10/31 7:22 p.m., 5 views

Cisco patches serious vulnerability in Data Center Network Manager

Cisco Prime DCNM is a management tool for storage and Ethernet networks that provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of present and future virtualized data centers. According to an advisory released, Cisco Pri...

AI score 9.2
Exploits 0

Tenable Nessus
added 2012/10/29 12:0 a.m., 201 views

IBM Rational ClearQuest Multiple Script Information Disclosure

The remote install of IBM WebSphere Application Server contains one or more testing and debugging scripts as well as sample applications, likely resulting from a deployment of IBM Rational ClearQuest. These scripts provide information such as system paths and versions, which may aid an attacker...

CVSS 5, AI score 5.5, EPSS 0.08263
Exploits 0, References 3