9863 matches found
IBM WebSphere Application Server 7.x < 7.0.0.19 OpenSAML XML Signature Wrapping Vulnerability
IBM WebSphere Application Server ships an OpenSAML implementation which is prone to a security vulnerability involving XML signature wrapping. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
[Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting
Onapsis Security Advisory 2011-015: SAP WebAS webrfc Cross-Site Scripting This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
Vulnerabilities in JBoss Application Server
Hello 3APA3A! I am reporting the Information Leakage and Brute Force vulnerabilities I found in JBoss Application Server. Information Leakage WASC-13: http://site/status http://site/status?full=true Publicly accessible server statistics with a list of all of its services. Brute Force WASC-11:...
IBM WebSphere Application Server Administration Directory Traversal Vulnerability
The host is running IBM WebSphere Application Server and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasadminconsoledirtravvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ IBM WebSphere Application Server Administration Directory Traversal Vulnerability Authors...
IBM WebSphere Application Server Directory Traversal Vulnerability (Sep 2011)
IBM WebSphere Application Server is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2011-1359
CVE-2011-1359 describes a directory traversal vulnerability in the IBM WebSphere Application Server administration console. An unauthenticated remote attacker can read arbitrary files by using a .. in the URI. Affected versions: WAS 6.1 before 6.1.0.41, WAS 7.0 before 7.0.0.19, and WAS 8.0 before...
NGS00054 Technical Advisory: Lumension Device Control (formerly Sanctuary) remote memory corruption
======= Summary ======= Name: Lumension Device Control (formerly Sanctuary) remote memory corruption Release Date: 24 August 2011 Reference: NGS00054 Discoverer: Andy Davis Vendor: Lumension Vendor Reference: Systems Affected: Lumension Device Control v4.4 SR6 Risk: High...
ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability
ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-260 August 16, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Nortel -- Affected Products: Nortel Media Application Server --...
Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Nortel Media Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the cstore.exe component which listens by default on TCP port 52005. When...
Oracle GlassFish HTTP Server Version
The remote host is running an Oracle GlassFish HTTP Server, a Java EE application server. It was possible to read the version number from the HTTP response headers. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(55930); script_version("1.13");...
Microsoft Internet Explorer XSLT Memory Corruption Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected Avaya Aura...
Microsoft Windows Data Access Component DLL Loading Arbitrary Code Execution Vulnerability
Description Microsoft Windows is prone to an arbitrary-code-execution vulnerability that affects the Data Access Component. Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application. Technologies Affected Avaya Aura Conferenci...
Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability
Description The Microsoft .NET Framework is prone to a security-bypass vulnerability. Attackers can exploit this issue to perform denial-of-service attacks, scan network resources, and obtain potentially sensitive information that was not intended to be disclosed. Technologies Affected Avaya Aura...
Microsoft Remote Desktop Protocol CVE-2011-1968 Denial of Service Vulnerability
Description Microsoft Remote Desktop Protocol is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to shut down or restart the affected system, therefore denying service to legitimate users. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 5.0 Avaya...
IBM WebSphere Application Multiple Vulnerabilities Jul-11
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodibmwasmultiplevulnjul11.nasl 7019 2017-08-29 11:51:27Z teissa $ IBM WebSphere Application Multiple Vulnerabilities Jul-11 Authors: Antu sanadi Copyright: Copyright ...
IBM WebSphere Application Multiple Vulnerabilities (Jul 2011)
IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...
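IBM WebSphere Application Server 'logoutExitPage' Parameter Security Bypass Vulnerability
Bugtraq ID: 48710 CVE ID: CVE-2011-1355 IBM WebSphere Application Server is a commercial web application server. WebSphere Application Server does not properly validate the logoutExitPage parameter, allowing remote attackers to bypass security restrictions. An attacker can exploit this vulnerability to redirect users to domains that should be blocked. IBM Websphere Application Server 7.0 IBM Websphere Application Server 6.1 Vendor solution: users can refer to the following vendor security advisory for patch information:...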
Open redirect
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request...