CVE-2008-1040
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI...
CVE-2008-0740
IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to httpplugin.log, which might allow local users to obtain sensitive information by reading this file...
CVE-2008-0741
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors...
CVE-2008-0741
CVE-2008-0741 concerns IBM WebSphere Application Server (WAS) 6.0.x prior to Fix Pack 25 (6.0.2.25). It is a vulnerability in the PropFilePasswordEncoder utility with unknown impact and attack vectors as described in the provided sources. The exact affected component/conditions are not elaborated...
CVE-2008-0740
IBM WebSphere Application Server (WAS) versions affected: 6.0.x before Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15). The vulnerability involves writing unspecified cleartext information to http_plugin.log, which could enable local users to read and obtain sensitive data. There is ...
Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
Description: Microsoft Object Linking and Embedding (OLE) Automation is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. An attacker could exploit this issue by enticin...
Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
Description: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in...
Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
Description: Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory and ADAM (Active Directory Application Mode) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests. An attacker can exploit this issue to cause the...
SAP Netviewer 7.0 — XSS Security Vulnerability
Application: SAP Web Application Server, Web Dynpro ABAP and for BSP; Versions Affected: Version 7.0; Vendor URL: ; Bugs: XSS; Exploits: YES; Reported: 25.01.2008; Vendor response: 25.01.2008; Date of Public Advisory: 21.05.2008; CVE number: 2008-2421; Description: XSS IN BPELCONSOLE/DEFAULT/ACTIVITIES.JSP...
CVE-2008-0389
CVE-2008-0389 affects IBM WebSphere Application Server (WAS) versions 6.0–6.0.2.25, 6.1–6.1.0.14, and 5.1.1.x before 5.1.1.18, specifically the serveServletsByClassnameEnabled feature. The initial sources provide an unspecified vulnerability with unknown impact and attack vectors; no concrete exp...
CVE-2008-0347
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that...
CVE-2008-0346
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01...
CVE-2008-0346
Technical details about CVE-2008-0346 are not publicly provided in the supplied connected documents. The entries reference Oracle Application Server Jinitiator but do not specify vulnerable components, versions, impact, or fixes. Monitor for updates.
Debian Security Advisory DSA 1275-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1275-1. A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security...
Debian Security Advisory DSA 1176-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1176-1. It was discovered that the Zope web application server does not disable the csvtable directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. OpenVAS Vulnerability...
Debian: Security Advisory (DSA-910-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-490)
The remote host is missing an update for the Debian...