9863 matches found
IBM WebSphere Application Server Hash Collisions DoS Vulnerability (Jan 2012)
IBM WebSphere Application Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2012-0193
IBM WebSphere Application Server WAS 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service C...
CVE-2012-0193
CVE-2012-0193 affects IBM WebSphere Application Server (WAS) and is a DoS risk caused by hashing collisions in form parameters. Affected WAS versions include 6.0 up to 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3. The underlying issue is the hash table collision expo...
CVE-2011-1376
iscdeploy in IBM WebSphere Application Server WAS 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/clientffdc/, which allows local users to read or modify files via standard filesystem operations...
CVE-2011-1376
iscdeploy in IBM WebSphere Application Server WAS 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/clientffdc/, which allows local users to read or modify files via standard filesystem operations...
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - (Jan2012)
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmwasmultvulnjan12.nasl 5977 2017-04-19 09:02:22Z teissa $ IBM WebSphere Application Server WAS Multiple Vulnerabilities - Jan2012 Authors: Antu Sanadi Copyright:...
IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
The host is running IBM WebSphere Application Server and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasivtxssvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability Authors: Antu Sanadi Copyrigh...
IBM WebSphere Application Server 6.1.x < 6.1.0.41, 7.0.x < 7.0.0.19 IVT XSS Vulnerability
IBM WebSphere Application Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2011-5065
Cross-site scripting XSS vulnerability in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging...
Code injection
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server WAS 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors...
CVE-2011-5066
CVE-2011-5066 affects IBM WebSphere Application Server 6.1 (Default Messaging Component). The SibRaRecoverableSiXaResource class does not properly handle a Service Integration Bus (SIB) dump operation in the FFDC introspection code, allowing local users to read the FFDC log file and obtain sensit...
CVE-2011-1377
CVE-2011-1377 affects IBM WebSphere Application Server with WS-Security enabled. IBM and NVD sources describe a weakness where a WS‑Security/LTPA token handling flaw can allow a user to gain elevated privileges, potentially via identity reuse between inbound/outbound tokens. Affected versions inc...
CVE-2011-5066
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server WAS 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus SIB dump operation involving the First Failure Data Capture FFDC introspection code, which allows local users to...
CVE-2011-5065
CVE-2011-5065 describes a cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 41 (6.1.0.41) that allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging. The vulnerability is tied to WAS Web Messaging c...
CVE-2011-1362
CVE-2011-1362 affects IBM WebSphere Application Server (WAS) IVT in the Install component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors due to an incomplete fix for CVE-2011-1308. Affected products/versions: WAS 6.1 before 6.1.0.41 and W...
Plone Zope SAXutils Command Execution
Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...
Microsoft Windows Object Packager Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affect...
Microsoft Windows Kernel CVE-2012-0001 SafeSEH Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the SafeSEH security mechanism. This may allow the attacker to execute arbitrary code by leveraging memory corruption vulnerabilities in Windows applications. Technologies...
Microsoft Windows CSRSS CVE-2011-3408 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with administrator privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Avaya Aura...
Microsoft Internet Explorer XSS Filter Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. Successful exploits will allow attackers to...