CVE-2009-2747
CVE-2009-2747 affects IBM WebSphere Application Server’s JNDI implementation. The root cause is improper access control on UserRegistry object methods, allowing remote attackers to disclose sensitive information via a crafted method call. Affected versions are WAS 6.0 prior to 6.0.2.39, 6.1 prior...
Code injection
The JavaServer Faces (JSF) application functionality in IBM WebSphere Application Server 8.x before 8.0.0.1 does not properly handle requests, which allows remote attackers to read unspecified files via unknown vectors...
CVE-2011-1368
Summary: CVE-2011-1368 affects IBM WebSphere Application Server 8.x prior to 8.0.0.1, where the JSF request handling could allow remote attackers to read unspecified files via unknown vectors (information disclosure). What’s affected: IBM WebSphere Application Server 8.x with the JSF component be...
CVE-2011-1360
Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier, as used in WebSphere Application Server and other products, allow remote attackers to inject arbitrary web script or HTML via vectors involving unspecified documentation files in (1) manual/ibm/ and (2)...
CVE-2011-1360
CVE-2011-1360 covers multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server 2.0.47 and earlier. The issue arises from untrusted input in documentation-related paths (manual/ibm/ and htdocs/*/manual/ibm/), enabling an attacker to inject arbitrary script/HTML. Products using IBM HTT...
JBoss Worm Exploiting Old Bug to Infect Unpatched Servers
There is a new worm circulating right now that is compromising servers running older versions of the JBoss Application Server and then adding them to a botnet. The worm also attempts to install a remote access tool in order to give the attacker control over the newly infected server. The worm has...
Cisco Unified Service Monitor brstart sm_read_string_length Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Unified Service Monitor due to bundled EMC SMARTS application server. Authentication is not required to exploit this vulnerability. The flaw exists within the brstart.exe service which listen...
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
Description: Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6...
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-2011) Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel due to a use-after-free error. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete...
Microsoft Windows Kernel 'Win32k.sys' TrueType Font File Remote Denial of Service Vulnerability
Description: Microsoft Windows is prone to a remote denial-of-service vulnerability. A remote attacker can exploit this issue to crash the Windows kernel, denying service to legitimate users. Technologies Affected: Avaya Aura Conferencing 6.0 Standard, Avaya CallPilot 4.0, Avaya CallPilot 5.0, Avaya...
Microsoft Internet Explorer 'Jscript9.dll' CVE-2011-1998 Memory Corruption Vulnerability
Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Aur...
Microsoft Internet Explorer Select Element CVE-2011-1999 Memory Corruption Vulnerability
Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Aur...
Microsoft Internet Explorer Virtual Function Table CVE-2011-2001 Memory Corruption Vulnerability
Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Aur...
JBoss AS 2.0 - Remote Command Execution
THE FULL DAYTONA PACKAGE -- BY KINGCOPE, YEAR 2011 THREE JBOSS APPLICATION SERVER REMOTE EXPLOITS WITH AUTHEN BYPASS PORTED FROM METASPLOIT AND BEEFED UP WITH TWO SCANNERS: PNSCAN W/ SSL SUPPORT SYNSCAN MODDED FILES: daytonabsh.pl, daytonadeployfile.pl, daytonamaindeploy.pl THE REMOTE EXPLOITS,...
Microsoft Windows AFD Driver CVE-2011-2005 Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts may cause...
Microsoft Internet Explorer 'SwapNode()' CVE-2011-2000 Memory Corruption Vulnerability
Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Aur...
Microsoft Silverlight & .NET Framework Inheritance Restriction Remote Code Execution Vulnerability
Description: Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial-of-service...
IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
IBM WebSphere Application Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user and gain access to the affected application; other attacks are also possible. IBM WebSphere...
IBM WebSphere Application Server < 8.0.0.1 CSRF Vulnerability
IBM WebSphere Application Server is prone to a cross-site request forgery (CSRF) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...