9852 matches found

RedHat Linux
added 2009/12/09 11:51 p.m. | 84 views

Moderate: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP07 update

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix multiple security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP07. This update has been rated as having moderate security impact by the Red Hat Security Respon...

5 CVSS | 6.7 AI score | 0.3038 EPSS
Exploits 3 | References 8

RedHat Linux
added 2009/12/09 11:32 p.m. | 3 views

jbossas JMX-Console cross-site-scripting in filter parameter

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key...

4.3 CVSS | 5.9 AI score | 0.02326 EPSS
Exploits 1 | References 4

RedHat Linux
added 2009/12/09 11:14 p.m. | 1 views

jbossas JMX-Console cross-site-scripting in filter parameter

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key...

4.3 CVSS | 5.9 AI score | 0.02326 EPSS
Exploits 1 | References 4

CVE
added 2009/12/08 5:00 p.m. | 59 views

CVE-2009-2749

CVE-2009-2749 affects IBM WebSphere Application Server 7.0.0.7 with the Feature Pack for Communications Enabled Applications (CEA). The root cause is the use of predictable session values in CEA prior to version 1.0.0.1, which allows a MITM attacker to spoof a collaboration session by guessing th...

6.4 CVSS | 6.2 AI score | 0.0115 EPSS
Exploits 0 | References 5 | Affected Software 2

Check Point Advisories
added 2009/11/17 12:00 a.m. | 5 views

IBM WebSphere Application Server Buffer Overflow (CVE-2005-1872)

The IBM WebSphere Application Server is a Java 2 Enterprise Edition (J2EE) and Web Services-based application server. The software is made available for various vendor operating systems. There exists a buffer overflow vulnerability in IBM's WebSphere Application Server. The vulnerability is caused ...

7.5 CVSS | 7.4 AI score | 0.0317 EPSS
Exploits 0

NVD
added 2009/11/16 7:30 p.m. | 22 views

CVE-2009-2746

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified...

6.8 CVSS | 6.9 AI score | 0.00599 EPSS
Exploits 0 | References 5

Prion
added 2009/11/16 7:30 p.m. | 13 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified...

6.8 CVSS | 7.4 AI score | 0.00599 EPSS
Exploits 0 | References 5 | Affected Software 1

CVE
added 2009/11/16 7:00 p.m. | 47 views

CVE-2009-2746

CVE-2009-2746: IBM WebSphere Application Server’s administrative console is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. Affected versions: WAS 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7. The issue allows an attacker to hijack the authentication of admini...

6.8 CVSS | 6.9 AI score | 0.00599 EPSS
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2009/11/16 12:00 a.m. | 17 views

IBM WebSphere Application Server < 7.0.0.7 Multiple Vulnerabilities

Binary data 5235.prm...

5 CVSS | 7.3 AI score | 0.01931 EPSS
Exploits 1 | References 2

Check Point Advisories
added 2009/11/11 12:00 a.m. | 1 views

Oracle Application Server Portal Cross Site Scripting

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. Oracle's Single Sign-On Server (SSO) was part of Oracle Application Server till version...

7.2 AI score
Exploits 0

Symantec
added 2009/11/10 12:00 a.m. | 20 views

Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. This issue stems from a NULL-pointer dereference. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in t...

Exploits 0 | References 1 | Affected Software 9

Symantec
added 2009/11/10 12:00 a.m. | 22 views

Microsoft Windows Kernel GDI Data Validation Local Privilege Escalation Vulnerability

Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. This issue affects the Graphics Device Interface (GDI). An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result ...

8 AI score
Exploits 0 | References 1 | Affected Software 10

Check Point Advisories
added 2009/11/08 12:00 a.m. | 5 views

Oracle Application Server BPEL Module Cross Site Scripting (CVE-2008-4014)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. BPEL (Business Process Execution Language) is an XML-based language used for describing...

5.5 CVSS | 6.9 AI score | 0.01018 EPSS
Exploits 1

Check Point Advisories
added 2009/11/03 12:00 a.m. | 3 views

Oracle Application Server 10g OPMN Service Format String (CVE-2009-0993)

A format string vulnerability exists in Oracle Application Server. The flaw is due to improper handling of user data when logging events. A remote attacker could exploit this vulnerability by sending a specially crafted request to the target system. In an attack case where code injection is not...

7.5 CVSS | 6.7 AI score | 0.07945 EPSS
Exploits 1

Check Point Advisories
added 2009/11/01 12:00 a.m. | 2 views

Oracle Application Server Reports desname Arbitrary File Overwriting (CVE-2005-2371)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One such component is the Oracle Reports Services. The Reports Services component allows...

5 CVSS | 6.4 AI score | 0.22288 EPSS
Exploits 0

Check Point Advisories
added 2009/11/01 12:00 a.m. | 3 views

Oracle Application Server Reports Arbitrary System Command Execution (CVE-2005-2371)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One such component is the Oracle Reports Services. The Reports Services component allows...

5 CVSS | 7 AI score | 0.22288 EPSS
Exploits 0

Check Point Advisories
added 2009/11/01 12:00 a.m. | 4 views

Oracle Application Server Forms Arbitrary System Command Execution (CVE-2005-2372)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. One such component is the Oracle Forms Services. The Forms Services component allows for...

7.2 CVSS | 7.1 AI score | 0.02864 EPSS
Exploits 1

NVD
added 2009/10/22 6:30 p.m. | 19 views

CVE-2009-3407

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983...

4.3 CVSS | 5.9 AI score | 0.0294 EPSS
Exploits 0 | References 6

Prion
added 2009/10/22 6:30 p.m. | 14 views

Design/Logic Flaw

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983...

4.3 CVSS | 6.1 AI score | 0.0294 EPSS
Exploits 1 | References 6 | Affected Software 1

Prion
added 2009/10/22 6:30 p.m. | 20 views

Design/Logic Flaw

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors...

1.7 CVSS | 5.7 AI score | 0.0039 EPSS
Exploits 0 | References 6 | Affected Software 1