Microsoft Internet Explorer Developer Toolbar HTML Element Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Meetin...
Microsoft Excel 'DBQueryExt' ActiveX Data Object (ADO) Parsing Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Excel 'ExternName' Record Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Office XML Converter for Mac Local Privilege Escalation Vulnerability
Description: Microsoft Office XML Converter for Mac is prone to a local privilege-escalation vulnerability that affects filesystem Access Control Lists (ACLs). A local attacker can exploit this issue to execute arbitrary code with superuser privileges. Successful exploits may result in the complete...
Microsoft Excel RTD Records Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Windows COM Object Validation Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Excel, PowerPoint, Publisher, Visio, Wordpad, or Word file. Successful exploits would allow the attacker to execute arbitrary code in the...
Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Excel SxView Record Parsing Memory Corruption Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel '.xls' file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running...
Microsoft Windows Media Decompression (CVE-2010-1879) Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability when handling compressed media files. An attacker can exploit this issue by enticing an unsuspecting user to open a malicious file. A successful exploit may allow arbitrary code to run in the context of the currently...
Microsoft Internet Explorer Uninitialized Memory (CVE-2010-1259) Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks may cause denial-of-service conditions. Technologies Affected: Avaya Meetin...
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
Added: 06/07/2010 CVE: CVE-2010-0738 BID: 39710 OSVDB: 64171 Background: JBoss Application Server (AS) is a full-featured open source Java application server that includes full support for J2EE-based APIs. JBoss AS runs on numerous operating systems (e.g., Linux, FreeBSD, Mac OS X, and Microsoft...
Cross site scripting
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that...
Cross site scripting
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...
CVE-2010-2086
Affected software: Apache MyFaces 1.1.7 and 1.2.8 (as used in IBM WebSphere Application Server and other apps). Vulnerability: Unencrypted view state handling allows remote attackers to perform cross-site scripting (XSS) or execute arbitrary EL statements by modifying the serialized view object....
CVE-2010-2086
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that...
CVE-2010-2087
CVE-2010-2087: Oracle Mojarra 1.2_14 and 2.0.2 (as used in IBM WebSphere Application Server, Caucho Resin, and other apps) fails to properly protect an unencrypted view state. This enables remote attackers to perform cross-site scripting (XSS) or execute arbitrary Expression Language (EL) stateme...
IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is prone to an information-disclosure vulnerability. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks. This issue affects WAS 6.0, 6.1, and 7.0. OpenVAS Vulnerability Test $Id: gbibmwebsphere40277.nas...
Resin resin-admin/digest.php XSS
The remote host is running Resin, an application server. The 'resin-admin/digest.php' script included with the version of Resin listening on the remote host fails to sanitize user input to the 'digestrealm' and/or 'digestusername' parameters before using it to generate dynamic HTML output. An...
IBM WebSphere Application Server Long Filename Information Disclosure Vulnerability (May 2010)
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...