9852 matches found
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Description: Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to properly handle 'LNK' files or 'PIF' files. An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim to view a specially crafte...
Sun Java System Application Server Local Vulnerability
Sun Java System Application Server is prone to a local vulnerability. The 'GUI' subcomponent is affected. This vulnerability affects the following supported versions: Sun Java System Application Server 8.0, 8.1, 8.2. OpenVAS Vulnerability Test $Id: gbsunjavasystemapplicationserver41638.nasl 5373...
CVE-2010-2397
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI...
Design/Logic Flaw
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI...
Design/Logic Flaw
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081...
CVE-2010-2397
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI...
CVE-2010-2397
The CVE-2010-2397 issue affects Sun Java System Application Server versions 8.0, 8.1, 8.2 and GlassFish Enterprise Server 2.1.1. The connected sources describe a local GUI-related vulnerability that can affect confidentiality and integrity when an attacker has local access. The root cause is not ...
CVE-2010-2381
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0081...
CVE-2010-2381
CVE-2010-2381 affects Oracle Fusion Middleware Application Server Control, versions 10.1.2.3 and 10.1.4.0.1. The vulnerability allows remote attackers with a valid session to impact integrity via unknown vectors (Network, requires authentication per Oracle risk matrices). No public exploit detail...
Design/Logic Flaw
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...
CVE-2010-0081
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...
CVE-2010-0081
Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381...
RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)
JBoss Application Server (JBoss AS) is a free, open-source Java EE-based application server. An authentication bypass vulnerability has been reported in the JBoss Enterprise Application Platform JMX Console application. The vulnerability is due to the authentication policy within the...
Malicious File Upload
The application server accepted a VBScript file, an HTML file containing JavaScript, and the EICAR test virus as allowed attachments. This means that an attacker could submit a malicious file to the backend, where the file might be launched by another internal RIM employee if they click and open...
CVE-2010-0779
CVE-2010-0779 is an XSS vulnerability in IBM WebSphere Application Server (WAS) with affected versions: 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11. The issue is described as a cross-site scripting flaw in the Administration Console that allows remote attackers to inject arb...
CVE-2010-0778
CVE-2010-0778 describes an XSS vulnerability in IBM WebSphere Application Server (WAS) Administration Console. Affected products are WAS 6.1 prior to 6.1.0.33 and WAS 7.0 prior to 7.0.0.11. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The under...
IBM WebSphere Application Server 7.0 < Fix Pack 11 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 11 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities: - WS-Security processing problems with PKIPath and PKCS7 tokens could lead to a security bypass vulnerability. (PK96427) - An...
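IBM WebSphere Application Server default_create.log Information Disclosure Vulnerability
BUGTRAQ ID: 40694 CVE ID: CVE-2010-2323 IBM WebSphere Application Server is built on Java and Servlet engines, supports multiple HTTP services, and helps users with everything from developing and publishing to maintaining interactive, dynamic websites. When configuration files are created on the target system using the zPMT and BBOWWPFx job templates, sensitive information may be written to the default_create.log log. IBM Websphere Application Server 7.0.x Vendor patch: IBM --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...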
CVE-2010-2324
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...
CVE-2010-2327
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon...