9852 matches found
CVE-2008-2751
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1) propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, (2)...
CVE-2008-2751
CVE-2008-2751 concerns multiple XSS vulnerabilities in the GlassFish 2 Sun Java System Application Server 9.1_01 webadmin interface. The disclosed vectors affect the JSF pages (resourceNode, applications, etc.) via numerous form fields (e.g., jndiProp, resTypeProp, factoryClassProp, descProp, nam...
Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
Description: Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files. Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this...
GlassFish Application Server - resourceNodejmsConnectionNew.jsf Multiple Cross-Site Scripting Vulnerabilities
GlassFish Application Server - resourceNodejmsConnectionNew.jsf Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. ...
GlassFish Application Server - resourceNodeexternalResourceNew.jsf Multiple Cross-Site Scripting Vulnerabilities
GlassFish Application Server - resourceNodeexternalResourceNew.jsf Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied dat...
GlassFish Application Server - '/resourceNode/jmsConnectionNew.jsf' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
GlassFish Application Server - '/Applications/lifecycleModulesNew.jsf' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
Code injection
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors...
glassfish-xss.txt
============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.1_01 (build b09d-fcs) ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...
Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
Description: Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running th...
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
Description: Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP)...
XSS - Glassfish Web Admin Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) )
============================== XSS - Glassfish Web Admin Interface Sun Java System Application Server 9.1_01 (build b09d-fcs) ============================== Author: Eduardo Neves a.k.a eth0 Date: 10 june 2008 Site: http://webappsecurity.wordpress.com ============================== APPLICATION :...
IBM WebSphere Application Server < 6.1.0.17 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 17 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws: - An attribute in a SOAP security header may cause a security exposure in Web Services applications. (PK61315) - An unspecified vulnerability in t...
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages Information Disclosure Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP (Active Server Pages) functionality to a web server. More information is...
CVE-2008-2550
Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header...
CVE-2008-2550
IBM WebSphere Application Server 6.1 prior to 6.1.0.17 is affected by a vulnerability in the Web Services Security SOAP header attribute, with unspecified impact and attack vectors. The issue is associated with CVE-2008-2550. Public references note the vulnerability exists in WAS 6.1 before Fix P...
Oracle Application Server Portal 10g Authentication Bypass
The remote host is running Oracle Application Server. By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/davportal/portal'.
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
CVE-2008-2421 concerns a Cross-site Scripting (XSS) vulnerability in the Web GUI of SAP Web Application Server (WAS) 7.0, affecting Web Dynpro for ABAP (WD4A/WDA) and Web Dynpro for BSP. The issue allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to the default URI unde...