Important: Red Hat Security Advisory: jbossas security update
An update for JBoss Enterprise Application Platform 4.3.0 CP10 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, whic...
Important: Red Hat Security Advisory: jbossas security update
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which giv...
CVE-2012-2170
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request...
Authentication flaw
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors...
CVE-2012-0716
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-0720
CVE-2012-0720 : In IBM WebSphere Application Server, the Administration Console of the Integration Solution Console is vulnerable to cross-site scripting due to improper validation of user-supplied input. A remote attacker can inject arbitrary script via a crafted URL, affecting WAS 7.0 installat...
CVE-2012-0716
CVE-2012-0716 : IBM WebSphere Application Server 7.0 Administration Console has a cross-site scripting (XSS) vulnerability that can let an attacker inject script/HTML via the Administrative Console. Affected: WAS 7.0 prior to 7.0.0.23. Remediation: apply IBM Fix Pack 7.0.0.23 (or later) for WAS, ...
CVE-2012-0720
Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2012-0717
CVE-2012-0717 affects IBM WebSphere Application Server 7.0 (prior to 7.0.0.23) where a specific SSLv2 configuration with client authentication can allow a remote attacker to bypass X.509 client-certificate authentication via unspecified vectors. The condition requires: SSL enabled (SSLEnable), SS...
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Description Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft XML Core Services versions 3.0,...
SAP NetWeaver Dispatcher DiagTraceR3Info Packet Parsing Vulnerability
Added: 06/04/2012 CVE: CVE-2012-2611 OSVDB: 81759 Background SAP Netweaver is a technology platform for building and integrating SAP business applications. Problem SAP Netweaver is vulnerable to a stack buffer overflow when configured with the developer trace level set to 2 or higher. The...
IBM WebSphere Application 7.0.0.23 Snoop Servlet Information Disclosure Vulnerability
Bugtraq ID: 53755 CVE ID: CVE-2012-2170 IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards such as Java EE, XML and Web Services. Compatible web servers include Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS) and IBM HTTP Server. WAS 6.1, 7.0 and 8.0, when the default Application Snoop...
CVE-2012-2561
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444...
HP Business Service Management Remote Code Execution
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. Recent assessments: wchen-r7 at Septembe...
ajp-request NSE Script
Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...
IBM WebSphere Application Server <= 8.0 Information Disclosure Vulnerability
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers or cause denial of servi...
Design/Logic Flaw
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...
CVE-2012-2162
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...