Code injection
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...
Design/Logic Flaw
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression...
Code injection
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT...
Design/Logic Flaw
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...
CVE-2010-2328
CVE-2010-2328 affects IBM WebSphere Application Server (WAS) 7.0 prior to 7.0.0.11. The HTTP Channel can be triggered by a large amount of chunked data using gzip compression, causing a NullPointerException and a denial of service. The vulnerability is documented across multiple sources (NVD entr...
CVE-2010-2327
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service daemon...
CVE-2010-2324
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors...
CVE-2010-2326
CVE-2010-2326 affects IBM WebSphere Application Server 7.0 prior to 7.0.0.11. When addNode -trace is used during node federation, an attacker can read addNode.log to obtain sensitive information about CIMMetadataCollectorImpl trace actions. Root cause is information disclosure via debugging/loggi...
CVE-2010-2323
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS might allow attackers to obtain sensitive information by reading the default_create.log file that is associated with profile creation by the BBOWWPFx job and the zPMT...
CVE-2010-2326
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when addNode -trace is used during node federation, allows attackers to obtain sensitive information about CIMMetadataCollectorImpl trace actions by reading the addNode.log file...
CVE-2010-2328
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression...
CVE-2010-2323
CVE-2010-2323 affects IBM WebSphere Application Server (WAS) 7.0 on z/OS prior to 7.0.0.11. The issue could allow an attacker to obtain sensitive information by reading the default_create.log file written during profile creation by the BBOWWPFx job and the zPMT. The underlying cause is improper h...
CVE-2010-2324
CVE-2010-2324 affects IBM WebSphere Application Server 7.0 before 7.0.0.11 on z/OS. The provided sources describe an unspecified "link injection" action via unknown vectors; no concrete exploit details, affected subcomponents, or remediation steps are given in the documents.
CVE-2010-2325
CVE-2010-2325 describes an XSS vulnerability in the IBM WebSphere Application Server (WAS) 7.0 administrative console on z/OS, affecting versions before 7.0.0.11. The issue is related to the admin UI and involves URL injection that can allow remote attackers to inject arbitrary web script or HTML...
IBM WebSphere Application Server 'addNode.log' Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is prone to an information-disclosure vulnerability. A local authenticated attacker can exploit this issue to gain access to sensitive information; this may aid in further attacks. Versions prior to WAS 7.0.0.11 are vulnerable. OpenVAS Vulnerability Test $Id:...
IBM WebSphere Application Server < 7.0.0.11 Information Disclosure Vulnerability
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-1259) Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Meetin...
Microsoft Excel EDG and Publisher Record Parsing Remote Heap Buffer Overflow Vulnerability
Description: Microsoft Excel is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the...
Microsoft Windows Media Decompression (CVE-2010-1879) Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently...