9863 matches found
CVE-2011-1308
Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2011-1309
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...
CVE-2011-1312
CVE-2011-1312 affects IBM WebSphere Application Server (WAS) Administrative Console. The vulnerability concerns WAS 6.1.0.x (before 6.1.0.31) and 7.x (before 7.0.0.15), where remote authenticated administrators could bypass access restrictions by mapping a (1) user or (2) group to an administrato...
CVE-2011-1317
CVE-2011-1317 affects IBM WebSphere Application Server (WAS) JSP component WASJSPStrBufferImpl, where a memory leak can be triggered by large JSP responses. Affects WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Exploitation could lead to denial of service via memory consumption by sending ...
CVE-2011-1321
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...
CVE-2011-1314
The CVE concerns IBM WebSphere Application Server (WAS) — specifically the Service Integration Bus (SIB) messaging engine — and affects WAS versions prior to 7.0.0.15. An attacker can remotely cause a denial-of-service (daemon hang) by performing close operations over network connections to a que...
CVE-2011-1308
IBM WebSphere Application Server (WAS) versions affected by CVE-2011-1308 include the Installation Verification Test (IVT) in the Install component up to 7.0.0.15. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unspec...
CVE-2011-1320
CVE-2011-1320 concerns IBM WebSphere Application Server (WAS) with the TIP/eWAS framework where, on logout, AuthCache entries are not properly deleted for WAS 6.1.0.x (before 6.1.0.35) and WAS 7.x (before 7.0.0.15). This may allow a remote attacker to access the server by exploiting an unattended...
CVE-2011-1311
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...
CVE-2011-1311
The CVE-2011-1311 issue affects IBM WebSphere Application Server (WAS) prior to 7.0.0.15. When a J2EE 1.4 application is used, the Security component determines security role mappings using ibm-application-bnd.xml instead of ibm-application-bnd.xmi. This misconfiguration could allow remote authen...
CVE-2011-1322
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...
CVE-2011-1321
The CVE concerns IBM WebSphere Application Server (WAS) where the AuthCache purge in the Security component fails to purge a user from the PlatformCredential cache. Affected products/versions are WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Root cause: the purge does not remove the user f...
CVE-2011-1310
CVE-2011-1310 affects IBM WebSphere Application Server (WAS) 6.1.x (before 6.1.0.35) and 7.x (before 7.0.0.15). When tracing is enabled, the Administrative Scripting Tools (wsadmin) command parameters are written to wsadmin.traceout and to trace.log, enabling local users to read potentially sensi...
CVE-2011-1322
CVE-2011-1322 affects the SOAP with Attachments API for Java (SAAJ) in IBM WebSphere Application Server. The Web Services component vulnerable in WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service through memory consumption via encrypted SOAP ...
CVE-2011-1310
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially...
CVE-2011-1307
CVE-2011-1307: IBM WebSphere Application Server (WAS) prior to 7.0.0.15 uses 777 permissions for a temporary log directory in its installer, enabling local users to access log files via standard filesystem operations. This is described as a separate issue from CVE-2009-1173; affected product/ver...
CVE-2011-1319
The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication...
CVE-2011-1316
The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages...
Microsoft Remote Desktop Connection Client DLL Loading Arbitrary Code Execution Vulnerability
Description: Microsoft Remote Desktop Connection client is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially...
JBoss Application Server Remote Exploit
Exploit for jsp platform in category web applications JBoss AS Remote Exploit by Kingcope use IO::Socket; use LWP::UserAgent; use URI::Escape; use MIME::Base64; sub usage print "JBoss AS Remote Exploit\nby Kingcope\n\nusage: perl jboss.pl \n"; print "example: perl daytona.pl 192.168.2.10 8080...