Microsoft Internet Explorer Link Properties Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected...
Microsoft Internet Explorer DOM Editing Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected...
Microsoft Windows Server Message Block Client Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. The issue affects the Microsoft Server Message Block (SMB) client. An attacker can exploit this issue by sending a specially crafted SMB response to the affected application. Successfully exploiting this issue allows a...
Oracle HTTP Server Header Cross Site Scripting
Oracle HTTP Server XSS Header Injection. Attack Pattern ID: CAPEC-86, CWE ID: CI-79...
Microsoft Windows 'win32k.sys' OpenType Font Parsing Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in kernel mode. Failed attempts will cause a denial-of-service condition. Technologies Affected Avaya Aura Conferencing 6.0 Standard Avaya...
Microsoft Internet Explorer VML Memory Corruption CVE-2011-1266 Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability due to a memory-corruption error. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successful exploits may allow attackers to execute arbitrary code with...
Oracle HTTP Server - Cross-Site Scripting Header Injection
Oracle HTTP Server XSS Header Injection. Attack Pattern ID: CAPEC-86, CWE ID: CI-79...
Oracle HTTP Server XSS Header Injection
Exploit for multiple platform in category web applications Attack Pattern ID : CAPEC-86 CWE ID : CI-79 OWASP IDs : A1-Injections, A2-Cross Site Scripting XSS CVE ID : not yet Related CVEs : CVE-2006-3918, CVE-2007-0275 A.K.A : Unfiltered Header Injection Product Type : Application Vendor : Oracle...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasxmlencryptioninfodisclosurevuln.nasl 7006 2017-08-25 11:51:20Z teissa $ IBM WebSphere Application Server WS-Security XML Encryption Weakness...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Hardcoded credentials
The application server in Trustwave WebDefend Enterprise before 5.0 uses hardcoded console credentials, which makes it easier for remote attackers to read security-event data by using the remote console GUI to connect to the management port...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption...
CVE-2011-1209
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption...
CVE-2011-1209
CVE-2011-1209 affects IBM WebSphere Application Server: WAS 6.1 before 6.1.0.39 and WAS 7.0 before 7.0.0.17 use a weak WS-Security XML encryption algorithm, enabling a remote decryption attack to obtain plaintext data from JAX-RPC/JAX-WS requests. Exploitation details/vectors are not specified in...
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
ZDI-11-137: Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-137 April 19, 2011 -- CVE ID: CVE-2011-0807 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Applicati...
CVE-2011-0807
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration...
CVE-2011-0807
CVE-2011-0807 affects Oracle GlassFish Server and Sun Java System Application Server. The connected documents describe an authentication bypass vulnerability that can lead to remote code execution by bypassing authentication and deploying/executing a malicious WAR, particularly on GlassFish 2.x, ...
CVE-2011-1683
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...
CVE-2011-1683
CVE-2011-1683 concerns IBM WebSphere Application Server on z/OS when using a Local OS user registry or Federated Repository with a RACF adapter. The vulnerability allows remote attackers to obtain unspecified application access via unknown vectors in WAS 6.0.x (up to 6.0.2.43), 6.1.x (before 6.1....