9852 matches found

NVD
added 2008/01/10 2:46 a.m. | 16 views

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected...

CVSS 10 | AI score 6.3 | EPSS 0.0234
Exploits 0 | References 7
Cvelist
added 2008/01/10 2:0 a.m. | 22 views

CVE-2007-6679

Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected...

AI score 6.3 | EPSS 0.0234
Exploits 0 | References 7
CVE
added 2008/01/10 2:0 a.m. | 47 views

CVE-2007-6679

CVE-2007-6679 affects IBM WebSphere Application Server 6.1 before Fix Pack 13, with an unspecified vulnerability in the Administrative Console related to monitor role users. Connected sources indicate additional impact on WebSphere 6.0.x before Fix Pack 25 and list multiple vulnerabilities in 6.1...

CVSS 10 | AI score 6.3 | EPSS 0.0234
Exploits 0 | References 7 | Affected Software 1
Symantec
added 2008/01/08 12:0 a.m. | 29 views

Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability

Description: Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete...

AI score 7.9
Exploits 0 | References 1 | Affected Software 4
Symantec
added 2007/12/11 12:0 a.m. | 17 views

Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability

Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because it fails to adequately handle user-supplied input to certain DHTML object methods. Attackers can exploit this issue to execute arbitrary code in the context of a user running the application...

Exploits 0 | References 1 | Affected Software 7
Symantec
added 2007/12/11 12:0 a.m. | 17 views

Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability

Description: Microsoft DirectX is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the application. Technologies Affected: Avaya Messaging Application...

AI score 0.3
Exploits 0 | References 1 | Affected Software 5
Symantec
added 2007/12/11 12:0 a.m. | 16 views

Microsoft Internet Explorer Element Tags Remote Memory Corruption Vulnerability

Description: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer...

AI score 8
Exploits 0 | References 2 | Affected Software 7
Symantec
added 2007/12/11 12:0 a.m. | 26 views

Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability

Description: DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit...

AI score 0.5
Exploits 0 | References 2 | Affected Software 5
Atlassian
added 2007/11/22 6:20 a.m. | 22 views

Authenticating security providers fails due to ClassLoader bugs

If the Trusted Application feature is not working and the following is seen: WARN atlassian.seraph.filter.TrustedApplicationsFilter Failed to login trusted application: confluence1234567 due to: com.atlassian.security.auth.trustedapps.InvalidCertificateException:...

AI score 2
Exploits 0 | Affected Software 1
Symantec
added 2007/11/16 12:0 a.m. | 20 views

Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability

Description: Microsoft Jet Database Engine is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data. Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will...

AI score 7.7
Exploits 0 | References 2 | Affected Software 7
Exploit DB
added 2007/11/15 12:0 a.m. | 23 views

IBM Websphere Application Server 5.1.1 - WebContainer HTTP Request Header Security

source: https://www.securityfocus.com/bid/26457/info IBM WebSphere Application Server is prone to a security weakness regarding an HTTP request header. The software fails to sanitize a certain HTTP header when the data is redirected to an error message. An attacker may exploit this issue to steal...

AI score 7.4
Exploits 0
seebug.org
added 2007/11/15 12:0 a.m. | 116 views

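Adobe ColdFusion CFID/CFTOKEN Session Hijacking Vulnerability

BUGTRAQ ID: 26429 CVECAN ID: CVE-2007-5905 ColdFusion MX is an efficient web application server development environment that is easy to use and productive to develop with; it is based on standard Java technology and integrates with XML, Web Services and Microsoft .NET environments. ColdFusion has a vulnerability in its handling of user sessions that a remote attacker may exploit to obtain sensitive information. For applications built with ColdFusion, a remote attacker can hijack a user's application session via CFID or CFTOKEN and then view sensitive information or issue requests as the legitimate user. Users of J2EE session management are not affected by this vulnerability. Adobe...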

CVSS 6.8 | AI score 6.5 | EPSS 0.13082
Exploits 1
NVD
added 2007/11/14 1:46 a.m. | 33 views

CVE-2007-5944

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are...

CVSS 4.3 | AI score 5.3 | EPSS 0.01786
Exploits 0 | References 7
CVE
added 2007/11/08 8:0 p.m. | 62 views

CVE-2003-1529

Vulnerability summary (CVE-2003-1529). The J Walk Application Server from Seagull Software Systems (versions 3.2C9 and earlier than 3.3c4) is vulnerable to an encoded directory traversal. An attacker can read arbitrary files by supplying a URL with an encoded dot-dot sequence (".%252e"), enabling...

CVSS 5 | AI score 6.7 | EPSS 0.01838
Exploits 0 | References 7 | Affected Software 1
Tenable Nessus
added 2007/11/07 12:0 a.m. | 26 views

IBM WebSphere Application Server navigateTree.do Multiple Vulnerabilities

The version of IBM WebSphere Application installed on the remote host fails to sanitize input to the 'keyField', 'nameField', 'valueField', and 'frameReturn' parameters of the 'uddigui/navigateTree.do' script before using it to generate dynamic content. An unauthenticated remote attacker may be...

CVSS 4.3 | AI score 5.7 | EPSS 0.01263
Exploits 0 | References 3
seebug.org
added 2007/11/05 12:0 a.m. | 17 views

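IBM WebSphere Application Server UDDI Console Multiple Input Validation Vulnerabilities

IBM WebSphere Application Server is an enterprise web application server. The UDDI user console in IBM WebSphere Application Server does not filter user-submitted input, which remote attackers can exploit to execute arbitrary script code and steal sensitive cookie information. The problem is that the keyField, nameField, valueField and frameReturn parameters passed to the uddigui/navigateTree.do page are not filtered; submitting malicious script code as parameter data can lead to disclosure of sensitive information or execution of arbitrary code. IBM Websphere Application Server 6.1 .7 I...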

AI score 6.9
Exploits 0
NVD
added 2007/11/03 12:46 a.m. | 22 views

CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, an...

CVSS 4.3 | AI score 6.8 | EPSS 0.00613
Exploits 0 | References 6
NVD
added 2007/11/03 12:46 a.m. | 16 views

CVE-2007-5798

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4)...

CVSS 4.3 | AI score 5.7 | EPSS 0.01263
Exploits 0 | References 7
Cvelist
added 2007/11/03 12:0 a.m. | 24 views

CVE-2007-5799

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, an...

AI score 6.8 | EPSS 0.00613
Exploits 0 | References 6
CVE
added 2007/11/03 12:0 a.m. | 58 views

CVE-2007-5798

IBM WebSphere Application Server 6.1.x before Fix Pack 13 (6.1.0.13) is affected by multiple XSS vulnerabilities in uddigui/navigateTree.do of the UDDI user console. The issue allows remote attackers to inject arbitrary web script or HTML via the keyField, nameField, valueField, and frameReturn p...

CVSS 4.3 | AI score 5.7 | EPSS 0.01263
Exploits 0 | References 7 | Affected Software 1