CVE-2009-0892
The CVE concerns IBM WebSphere Application Server admin console: WAS 6.1 before 6.1.0.23 and WAS 7.0 before 7.0.0.3 allow attackers to hijack user sessions in specific scenarios related to a forced logout. Affected components are the administrative console on those releases; the root cause is des...
CVE-2009-1173
IBM WebSphere Application Server WAS 7.0 before 7.0.0.3 uses weak permissions 777 for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have been accessible if the intended 755 permissions were used...
CVE-2009-1174
The Web Services Security component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors...
CVE-2009-1172
CVE-2009-1172 affects IBM WebSphere Application Server (WAS). The JAX-RPC WS-Security runtime in WAS 6.1 before 6.1.0.23 and WAS 7.0 before 7.0.0.3, with APAR PK41002 installed, does not properly validate UsernameToken objects. The initial description notes impact as unknown and does not provide ...
CVE-2009-0891
The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23), and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the...
CVE-2009-0508
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other...
CVE-2009-0508
IBM WebSphere Application Server (WAS) is affected by CVE-2009-0508. Affected versions include WAS 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3. The vulnerability allows remote attackers to read arbitrary files contained in WAR archives (notably in web-inf a...
Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...
Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected...
Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
Description: The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries. An authenticated attacker may...
Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF image file. Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level...
Microsoft Windows DNS Server WPAD Access Validation Vulnerability
Description: The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries. An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid...
CVE-2009-0856
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
PT-2009-3447 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server (WAS) versions 6.1.0.0 through 6.1.0.22. Description: A cross-site scripting (XSS) issue exists in the administrative console, allowing remote attackers to inject arbitrary web script or HTML. This could potentiall...
CVE-2009-0855
CVE-2009-0855 is an XSS vulnerability in IBM WebSphere Application Server 6.1, affecting the administrative console on z/OS before 6.1.0.23. The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected versions are 6.1.0.0 through 6.1.0.22; remediation...
IBM Websphere Application Server 6.17.0 - Administrative Console Cross-Site Scripting
Source: https://www.securityfocus.com/bid/34001/info. IBM WebSphere Application Server (WAS) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker m...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via...
CVE-2009-0506
CVE-2009-0506 affects IBM WebSphere Application Server 5.1 and 6.0.2 before 6.0.2.33 on z/OS when CSIv2 Identity Assertion is enabled and EJB interaction occurs between a WAS 6.1 instance and a pre-6.1 instance. The vulnerability allows local users to cause an unknown impact via two vectors: (1) ...
CVE-2008-4285
CVE-2008-4285 affects IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19, specifically the Servlet Engine/Web Container PMI feature. When a component statistic is enabled, it allows a denial of service (daemon crash) via vectors described as a gradual degradation in performance. No expl...
CVE-2009-0504
The CVE-2009-0504 issue affects IBM WebSphere Application Server 7.0.x (Web Services/WSPolicy). Before version 7.0.0.1, WSPolicy does not correctly recognize IDAssertion.isUsed, enabling local users to read a SOAP message and discover a password. The NVD entry notes a LOW impact with LOCAL access...