IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmwasxssncsrfvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ IBM WebSphere Application Server WAS XSS and CSRF Vulnerabilities Authors: Sooraj KS Copyright: Copyright c...
IBM WebSphere Application Server 7.x < 7.0.0.13 Multiple Vulnerabilities
IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
IBM WebSphere Application Server XSS and CSRF Vulnerabilities (Nov 2010)
IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP09 update
JBoss Enterprise Application Platform (JBEAP) 4.3.0.CP09, which fixes three security issues and multiple bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) ba...
Microsoft Windows User Access Control (UAC) Bypass Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the 'RtlQueryRegistryValues' API function. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of...
IBM WebSphere Application Server 7.x < 7.0.0.13 DoS Vulnerability
IBM WebSphere Application Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2010-4220
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."...
CVE-2010-0786
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrect...
CVE-2010-0785
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2010-0783
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-0785
IBM WebSphere Application Server Administrative Console is affected by CVE-2010-0785: a CSRF vulnerability that could allow an attacker to hijack user sessions. Affected products/versions include WAS 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13. The issue is referenced across multiple vulnerabilit...
CVE-2010-0786
IBM WebSphere Application Server 7.x is affected by CVE-2010-0786 in the Web Services Security/JAX-WS handling. WAS 7.0 before 7.0.0.13 allows remote attackers to trigger a denial of service via a crafted JAX-WS request that leads to data corruption due to improper JAX-WS implementation. Affected...
CVE-2010-4220
IBM WebSphere Application Server 7.x is vulnerable to a cross-site scripting (XSS) issue in the Integrated Solution Console and Administrative Console. The vulnerability, CVE-2010-4220, arises from improper input filtering (related to URL injection) and affects WAS 7.0 before 7.0.0.13. Remote att...
CVE-2010-3700
CVE-2010-3700 affects Spring Security (SpringSource) 2.x up to 2.0.5 and 3.x up to 3.0.3, and Acegi Security 1.0.0–1.0.7, notably when used in IBM WebSphere Application Server 6.1/7.0. The root cause is that URL path parameters are not consistently excluded from getPathInfo(), allowing an attacke...
Oracle BPEL Console 10.1.3.3.0 Cross Site Scripting
Digital Security Research Group DSecRG Advisory DSECRG-09-032 Application: Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public...
[DSECRG-09-032] Oracle Application Server - Linked XSS vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-032 Application: Oracle BPEL Console version 10.1.3.3.0 Versions Affected: Oracle BPEL Console version 10.1.3.3.0 Vendor URL: http://www.oracle.com Bugs: XSS Exploits: YES Reported: 18.03.2009 Vendor response: 19.03.2009 Date of Public...
Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2741 Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts...
Microsoft Internet Explorer Uninitialized Memory Word Document Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. The following versions of the...