9863 matches found

Cvelist
added 2011/03/08 9:0 p.m., 21 views

CVE-2011-1308

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.4 AI score, 0.01086 EPSS
Exploits: 0, References: 5

Cvelist
added 2011/03/08 9:0 p.m., 27 views

CVE-2011-1309

The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors...

6.3 AI score, 0.01187 EPSS
Exploits: 0, References: 4

CVE
added 2011/03/08 9:0 p.m., 64 views

CVE-2011-1312

CVE-2011-1312 affects IBM WebSphere Application Server (WAS) Administrative Console. The vulnerability concerns WAS 6.1.0.x (before 6.1.0.31) and 7.x (before 7.0.0.15), where remote authenticated administrators could bypass access restrictions by mapping a (1) user or (2) group to an administrato...

4 CVSS, 6.1 AI score, 0.01027 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2011/03/08 9:0 p.m., 68 views

CVE-2011-1317

CVE-2011-1317 affects IBM WebSphere Application Server (WAS) JSP component WASJSPStrBufferImpl, where a memory leak can be triggered by large JSP responses. Affects WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Exploitation could lead to denial of service via memory consumption by sending ...

5 CVSS, 6.5 AI score, 0.01105 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2011/03/08 9:0 p.m., 33 views

CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...

6.2 AI score, 0.00967 EPSS
Exploits: 0, References: 2

CVE
added 2011/03/08 9:0 p.m., 60 views

CVE-2011-1314

The CVE concerns IBM WebSphere Application Server (WAS) — specifically the Service Integration Bus (SIB) messaging engine — and affects WAS versions prior to 7.0.0.15. An attacker can remotely cause a denial-of-service (daemon hang) by performing close operations over network connections to a que...

5 CVSS, 6.5 AI score, 0.01105 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2011/03/08 9:0 p.m., 51 views

CVE-2011-1308

IBM WebSphere Application Server (WAS) versions affected by CVE-2011-1308 include the Installation Verification Test (IVT) in the Install component up to 7.0.0.15. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unspec...

4.3 CVSS, 5.5 AI score, 0.01086 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2011/03/08 9:0 p.m., 68 views

CVE-2011-1320

CVE-2011-1320 concerns IBM WebSphere Application Server (WAS) with the TIP/eWAS framework where, on logout, AuthCache entries are not properly deleted for WAS 6.1.0.x (before 6.1.0.35) and WAS 7.x (before 7.0.0.15). This may allow a remote attacker to access the server by exploiting an unattended...

6.8 CVSS, 6.5 AI score, 0.01052 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2011/03/08 9:0 p.m., 29 views

CVE-2011-1311

The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated...

6.3 AI score, 0.00857 EPSS
Exploits: 0, References: 2

CVE
added 2011/03/08 9:0 p.m., 57 views

CVE-2011-1311

The CVE-2011-1311 issue affects IBM WebSphere Application Server (WAS) prior to 7.0.0.15. When a J2EE 1.4 application is used, the Security component determines security role mappings using ibm-application-bnd.xml instead of ibm-application-bnd.xmi. This misconfiguration could allow remote authen...

6 CVSS, 6.5 AI score, 0.00857 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2011/03/08 9:0 p.m., 31 views

CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages...

6.3 AI score, 0.01631 EPSS
Exploits: 0, References: 2

CVE
added 2011/03/08 9:0 p.m., 62 views

CVE-2011-1321

The CVE concerns IBM WebSphere Application Server (WAS) where the AuthCache purge in the Security component fails to purge a user from the PlatformCredential cache. Affected products/versions are WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15. Root cause: the purge does not remove the user f...

6.5 CVSS, 6.4 AI score, 0.00967 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2011/03/08 9:0 p.m., 59 views

CVE-2011-1310

CVE-2011-1310 affects IBM WebSphere Application Server (WAS) 6.1.x (before 6.1.0.35) and 7.x (before 7.0.0.15). When tracing is enabled, the Administrative Scripting Tools (wsadmin) command parameters are written to wsadmin.traceout and to trace.log, enabling local users to read potentially sensi...

1.9 CVSS, 5.6 AI score, 0.0027 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2011/03/08 9:0 p.m., 71 views

CVE-2011-1322

CVE-2011-1322 affects the SOAP with Attachments API for Java (SAAJ) in IBM WebSphere Application Server. The Web Services component, vulnerable in WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15, allows remote attackers to cause a denial of service through memory consumption via encrypted SOAP ...

5 CVSS, 6.6 AI score, 0.01631 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2011/03/08 9:0 p.m., 28 views

CVE-2011-1310

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially...

5.5 AI score, 0.0027 EPSS
Exploits: 0, References: 2

CVE
added 2011/03/08 9:0 p.m., 58 views

CVE-2011-1307

CVE-2011-1307: IBM WebSphere Application Server (WAS) prior to 7.0.0.15 uses 777 permissions for a temporary log directory in its installer, enabling local users to access log files via standard filesystem operations. This is described as a separate issue from CVE-2009-1173; affected product/ver...

2.1 CVSS, 6 AI score, 0.00306 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2011/03/08 9:0 p.m., 31 views

CVE-2011-1319

The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication...

6 AI score, 0.01402 EPSS
Exploits: 0, References: 2

Cvelist
added 2011/03/08 9:0 p.m., 28 views

CVE-2011-1316

The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages...

6.3 AI score, 0.01105 EPSS
Exploits: 0, References: 2

Symantec
added 2011/03/08 12:0 a.m., 15 views

Microsoft Remote Desktop Connection Client DLL Loading Arbitrary Code Execution Vulnerability

Description: Microsoft Remote Desktop Connection client is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially...

Exploits: 0, References: 4, Affected Software: 6

0day.today
added 2011/03/05 12:0 a.m., 26 views

JBoss Application Server Remote Exploit

Exploit for jsp platform in category web applications JBoss AS Remote Exploit by Kingcope use IO::Socket; use LWP::UserAgent; use URI::Escape; use MIME::Base64; sub usage print "JBoss AS Remote Exploit\nby Kingcope\n\nusage: perl jboss.pl \n"; print "example: perl daytona.pl 192.168.2.10 8080...

7.1 AI score
Exploits: 0