Design/Logic Flaw
The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file...
CVE-2009-2085
The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans E...
CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...
CVE-2009-2092
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors...
CVE-2009-0906
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors...
CVE-2009-2091
The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2009-2092
CVE-2009-2092 affects IBM WebSphere Application Server 7.0 before 7.0.0.5. The vulnerability arises from improper handling of the portletServingEnabled parameter in ibm-portlet-ext.xmi, allowing remote attackers to bypass access restrictions via unknown vectors. The issue is documented in N...
CVE-2009-2089
CVE-2009-2089 affects IBM WebSphere Application Server: the Migration component in WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 can reveal sensitive information to readers of a Migration Trace file when tracing is enabled during a 6.1→7.0 migration. The issue enables remote authenticated users to obtain p...
CVE-2009-2085
CVE-2009-2085 affects IBM WebSphere Application Server 6.1 (before 6.1.0.25) and 7.0 (before 7.0.0.5). The vulnerability arises from improper handling of Identity Assertion when CSIv2 Security is used, allowing remote attackers to bypass intended CSIv2 access restrictions via vectors involving En...
CVE-2009-2087
CVE-2009-2087 affects IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.25 and 7.0 prior to 7.0.0.5. In certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, WAS uses weak password obfuscation that can allow local users to cause a denial o...
CVE-2009-0906
CVE-2009-0906 affects IBM WebSphere Application Server’s Service Component Architecture (SCA) feature pack for SCA 1.0, prior to version 1.0.0.3. The vulnerability allows remote authenticated users to bypass authentication/transport access restrictions and obtain unspecified access via unknown ve...
CVE-2009-2091
CVE-2009-2091 affects IBM WebSphere Application Server 7.0 on z/OS prior to 7.0.0.5. The issue is in the System Management/Repository component, which uses weak file permissions for new applications, allowing remote attackers to obtain sensitive information via unspecified vectors. The vulnerabil...
CVE-2009-2090
CVE-2009-2090 affects IBM WebSphere Application Server 7.0 (wsadmin, System Management/Repository). The vulnerability allows remote bypass of JMX MBeans access restrictions and can lead to a denial of service (daemon stop) via unknown vectors. Affected: WAS 7.0 before 7.0.0.5. Root cause and exac...
CVE-2009-2088
IBM WebSphere Application Server (WAS) 6.1 prior to 6.1.0.25 and 7.0 prior to 7.0.0.5 are affected. When SPNEGO Single Sign-On (SSO) and disableSecurityPreInvokeOnFilters are configured, authentication can be bypassed by requesting a "secure URL" due to the invokefilterscompatibility property. Th...
Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability that may affect the Embedded OpenType font engine. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will completely compromise affected computers...
Oracle Critical Patch Update Advisory - July 2009
Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are...
Design/Logic Flaw
Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors...
Authentication flaw
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0...