CVE-2008-7235
CVE-2008-7235 affects Oracle Forms in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3. The vulnerability is described as unspecified, with remote attackers able to affect integrity via unknown vectors (aka AS04). The connected records confirm the affected stack but do not provide c...
CVE-2008-7236
Affected software: Oracle Application Server 10.1.2.2 and 10.1.3.1, specifically the Oracle JDeveloper component. The entry describes an unspecified vulnerability that allows remote attackers to affect integrity via unknown vectors (aka AS05). The publicly available data provide no concrete explo...
CVE-2008-7237
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06...
Orion Application Server Cross Site Scripting
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application server example pages are vulnerable to XSS. Orion application...
Various Orion application server example pages are vulnerable to XSS.
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application server example pages are vulnerable to XSS. Orion application...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
Description: Microsoft Windows TCP/IP protocol implementation is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. Technologies Affected: Avaya Messaging Application Server Avaya Messaging...
Microsoft Windows TCP/IP TimeStamps Remote Code Execution Vulnerability
Description: Microsoft Windows TCP/IP protocol implementation is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers. Technologies Affected: Avaya...
Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability
Description: The Microsoft DHTML Editing Component ActiveX control is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context...
CVE-2009-2932
Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server Java 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field...
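IBM WebSphere Application Server Feature Pack for SCA Security Bypass Vulnerability
IBM WebSphere Application Server is a commercial web application server. An unspecified error exists in IBM WebSphere Application Server Feature Pack for SCA: a malicious user who has not been assigned the scaAllAuthorizedUsers role can bypass authentication and gain access to the system. IBM WebSphere Application Server Feature Pack for Service Component Architecture (SCA) 1.x Vendor solution: Users can contact the vendor to obtain IBM WebSphere Application...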
Directory traversal
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter...
CVE-2009-1873
Directory traversal vulnerability in logging/logviewer.jsp in the Management Console in Adobe JRun Application Server 4 Updater 7 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the logfile parameter...
CVE-2009-1873
Adobe JRun 4.x Management Console is affected by CVE-2009-1873: a directory traversal in logviewer.jsp that, when exploited by an authenticated remote attacker via the logfile parameter, allows reading arbitrary files on the server. Affected product is Adobe JRun Application Server 4 Updater 7. C...
Preemptive Protection against Adobe JRun 4.0 Directory Traversal File Read Vulnerability (APSB09-12)
A directory traversal vulnerability was reported in Adobe Systems JRun. JRun is an application server based on Java 2 Platform, Enterprise Edition (J2EE). It works with popular Web servers including Apache and IIS. This vulnerability allows an attacker to access normally-inaccessible files and...
[SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution
Debian Security Advisory DSA-1863-1, http://www.debian.org/security/, Nico Golde, August 15th, 2009, http://www.debian.org/security/faq ...
DSA-1863-1 zope2.10 zope2.9 - arbitrary code execution
Bulletin has no description...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service...