Lucene search
K

9863 matches found

OpenVAS
OpenVAS
added 2012/01/23 12:0 a.m.34 views

IBM WebSphere Application Server Hash Collisions DoS Vulnerability (Jan 2012)

IBM WebSphere Application Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS9.3AI score0.02399EPSS
Exploits0References5
Cvelist
Cvelist
added 2012/01/20 2:0 a.m.23 views

CVE-2012-0193

IBM WebSphere Application Server WAS 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service C...

9.2AI score0.02399EPSS
Exploits0References4
CVE
CVE
added 2012/01/20 2:0 a.m.62 views

CVE-2012-0193

CVE-2012-0193 affects IBM WebSphere Application Server (WAS) and is a DoS risk caused by hashing collisions in form parameters. Affected WAS versions include 6.0 up to 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3. The underlying issue is the hash table collision expo...

5CVSS8.8AI score0.02399EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2012/01/19 11:55 a.m.23 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server WAS 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/clientffdc/, which allows local users to read or modify files via standard filesystem operations...

4.6CVSS8.8AI score0.00383EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/01/19 11:0 a.m.31 views

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server WAS 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/clientffdc/, which allows local users to read or modify files via standard filesystem operations...

8.8AI score0.00383EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/01/18 12:0 a.m.34 views

IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - (Jan2012)

The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmwasmultvulnjan12.nasl 5977 2017-04-19 09:02:22Z teissa $ IBM WebSphere Application Server WAS Multiple Vulnerabilities - Jan2012 Authors: Antu Sanadi Copyright:...

10CVSS0.5AI score0.02404EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2012/01/18 12:0 a.m.29 views

IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability

The host is running IBM WebSphere Application Server and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasivtxssvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability Authors: Antu Sanadi Copyrigh...

4.3CVSS6.1AI score0.01772EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2012/01/18 12:0 a.m.25 views

IBM WebSphere Application Server 6.1.x < 6.1.0.41, 7.0.x < 7.0.0.19 IVT XSS Vulnerability

IBM WebSphere Application Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS5.7AI score0.01772EPSS
Exploits0References5
NVD
NVD
added 2012/01/15 3:55 a.m.22 views

CVE-2011-5065

Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...

4.3CVSS5.4AI score0.01929EPSS
Exploits1References6
Prion
Prion
added 2012/01/15 3:55 a.m.27 views

Code injection

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server WAS 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors...

10CVSS6.8AI score0.02404EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2012/01/15 2:0 a.m.66 views

CVE-2011-5066

CVE-2011-5066 affects IBM WebSphere Application Server 6.1 (Default Messaging Component). The SibRaRecoverableSiXaResource class does not properly handle a Service Integration Bus (SIB) dump operation in the FFDC introspection code, allowing local users to read the FFDC log file and obtain sensit...

2.1CVSS5.6AI score0.00312EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2012/01/15 2:0 a.m.83 views

CVE-2011-1377

CVE-2011-1377 affects IBM WebSphere Application Server with WS-Security enabled. IBM and NVD sources describe a weakness where a WS‑Security/LTPA token handling flaw can allow a user to gain elevated privileges, potentially via identity reuse between inbound/outbound tokens. Affected versions inc...

10CVSS9AI score0.02404EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2012/01/15 2:0 a.m.30 views

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...

5.4AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2012/01/15 2:0 a.m.58 views

CVE-2011-5065

CVE-2011-5065 describes a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 41 (6.1.0.41) that allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. The vulnerability is tied to WAS Web Messaging c...

4.3CVSS5.5AI score0.01929EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2012/01/15 2:0 a.m.64 views

CVE-2011-1362

CVE-2011-1362 affects IBM WebSphere Application Server (WAS) IVT in the Install component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors due to an incomplete fix for CVE-2011-1308. Affected products/versions: WAS 6.1 before 6.1.0.41 and W...

4.3CVSS5.6AI score0.01772EPSS
Exploits0References4Affected Software1
Saint
Saint
added 2012/01/13 12:0 a.m.45 views

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

9.3CVSS7AI score0.78546EPSS
Exploits15
Symantec
Symantec
added 2012/01/10 12:0 a.m.27 views

Microsoft Windows Object Packager Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affect...

7.9AI score
Exploits0Affected Software5
Symantec
Symantec
added 2012/01/10 12:0 a.m.43 views

Microsoft Windows Kernel CVE-2012-0001 SafeSEH Security Bypass Vulnerability

Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the SafeSEH security mechanism. This may allow the attacker to execute arbitrary code by leveraging memory corruption vulnerabilities in Windows applications. Technologies...

9.3CVSS0.5AI score0.09554EPSS
Exploits0References1Affected Software7
Symantec
Symantec
added 2011/12/13 12:0 a.m.29 views

Microsoft Windows CSRSS CVE-2011-3408 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with administrator privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya Aura...

7.2CVSS0.1AI score0.01791EPSS
Exploits1Affected Software12
Symantec
Symantec
added 2011/12/13 12:0 a.m.20 views

Microsoft Internet Explorer XSS Filter Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to...

0.2AI score
Exploits0Affected Software6
Rows per page
Query Builder