9852 matches found
CVE-2009-1010
CVE-2009-1010 is a buffer/heap overflow in Oracle Outside In Technology (Outside In SDK HTML Export 8.2.2/8.3.0; affected variants include 8.3.0.5129, 8.2.2.4866, and related builds). iDefense describes multiple integer overflow paths when processing Excel records, leading to heap buffer overflow...
CVE-2009-0993
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable...
CVE-2009-1011
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented o...
CVE-2009-1009
CVE-2009-1009 concerns Oracle Outside In Technology (Outside In SDK/HTML Export) used with Oracle Application Server 8.1.9. The issue is a set of buffer-overflow vulnerabilities in processing Microsoft Excel spreadsheet records, caused by missing bounds checks when handling records/arrays of stru...
CVE-2009-1011
CVE-2009-1011 concerns a multiple integer overflow in Oracle Outside In Technology as included in Oracle Application Server (8.2.2 and 8.3.0). The vulnerability arises when Outside In processes an optional data stream inside Microsoft Office files; an unchecked integer value can trigger arithmeti...
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to be installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities: - Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. PK66676 - It may be possible...
Microsoft Internet Explorer 'EMBED' Tag Uninitialized Memory Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
Description Microsoft WordPad is prone to a remote code-execution vulnerability because of a stack-based buffer overflow that may result in corrupted memory. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...
Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a privilege-escalation vulnerability. Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers. The issue affects the following: Windows Vista Windows Server...
Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM (NT LAN Manager) credentials. A successful exploit would let an attacker execute arbitrary code in the context of the affected user. Technologies Affected Avaya Messaging Application Server Avaya Messagin...
Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
Description Microsoft Word 2000 is prone to a remote code-execution vulnerability because it fails to properly validate an unspecified string when parsing a WordPerfect document. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user...
Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks m...
Code injection
Multiple unspecified vulnerabilities in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allow remote attackers to obtain (1) application server configuration, (2) database server configuration including encrypted passwords...
IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0.2 before Fix Pack 33 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities: - Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. PK66676 - The PerfServlet code...
[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities
Digital Security Research Group DSecRG Advisory DSECRG-09-013 !!! official advisory: !!! http://dsecrg.com/pages/vul/DSECRG-09-013.html Application: IBM WebSphere Application Server Versions Affected: 7.0 and 6.1 Vendor URL: http://www.ibm.com/websphere/ Bug: Multiple XSS Vulnerabilities Exploits...
IBM WebSphere Application Server cross-site scripting
Multiple cross-site scripting possibilities...
CVE-2009-1174
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...
Design/Logic Flaw
The administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allows attackers to hijack user sessions in "specific scenarios" related to a forced logout...
CVE-2009-1174
IBM WebSphere Application Server shows a vulnerability in its Web Services Security XML digital-signature handling. Affected products/versions: WebSphere Application Server 6.0.2 prior to 6.0.2.35 and 7.0 prior to 7.0.0.3. Root cause: an unspecified security problem in the XML digital-signature s...
CVE-2009-1173
IBM WebSphere Application Server 7.0 prior to 7.0.0.3 is affected by a permissions issue where files associated with interim fixes use 777 instead of the intended 755. This weak permission set could allow an attacker to modify these files and potentially impact the environment where the interim f...