Code injection

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2007-5152

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks...

Design/Logic Flaw

Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server WAS 6.1 before Fix Pack 11 6.1.0.11 has unknown impact and attack vectors, aka PK44789...

CVE-2007-4839

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server WAS 6.1 before Fix Pack 11 6.1.0.11 has unknown impact and attack vectors, aka PK33803...

CVE-2007-4833

Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server WAS 6.1 before Fix Pack 11 6.1.0.11 has unknown impact and attack vectors, aka PK44789...

CVE-2007-4839

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server WAS 6.1 before Fix Pack 11 6.1.0.11 has unknown impact and attack vectors, aka PK33803...

CVE-2007-4833

Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server WAS 6.1 before Fix Pack 11 6.1.0.11 has unknown impact and attack vectors, aka PK44789...

CVE-2007-4839

CVE-2007-4839 concerns IBM WebSphere Application Server 6.1 prior to Fix Pack 11 (6.1.0.11), specifically in the PD tools component. The vulnerability is described as unspecified with unknown impact and attack vectors (aka PK33803). The available connected sources corroborate the affected product...

IBM WebSphere Application Server未明漏洞

IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。 IBM WebSphere Application Server包含的Edge组件存在未明错误，远程攻击者可以利用漏洞获得敏感信息或者进行拒绝服务攻击。 目前没有详细漏洞细节提供。 IBM WebSphere Application Server 6.1.x 升级程序： http://www-1.ibm.com/support/docview.wss?uid=swg24016159...

Code injection

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges...

Code injection

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges...

CVE-2007-4563

Cosminexus Manager in Cosminexus Application Server 06-50 and later is affected by CVE-2007-4563, where backend processes for logical J2EE servers may receive incorrect group permissions. This could allow local users to gain privileges. The vulnerability is described as a local privilege escalati...

CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later may assign the wrong user’s group permissions to activated logical server processes, enabling local privilege escalation. Root cause: mis-assignment of group permissions to server processes started by Cosminexus Manager. Impact: ...

Code injection

The Sun Admin Console in Sun Application Server 9.00.1 does not apply certain configuration changes persistently, which causes the 1 SSL and 2 SSLMutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass...

CVE-2007-4511

The Sun Admin Console in Sun Application Server 9.00.1 does not apply certain configuration changes persistently, which causes the 1 SSL and 2 SSLMutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass...

CVE-2007-4511

The CVE-2007-4511 issue affects Sun Admin Console in Sun Application Server 9.0_0.1. The root problem is that configuration changes are not persisted, causing the SSL and SSL_MutualAuth ORB listener services to enable all protocols and ciphers after a restart. This can allow remote attackers to b...

Microsoft XML Core Services SubstringData Integer Overflow Vulnerability

Description Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun. Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue...

Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file .xls. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...

Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability

Description Microsoft OLE Automation is prone to an integer-overflow vulnerability. this issue occurs because the application fails to ensure that integer values are not overrun. Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary in the context...

Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when rendering VML Vector Markup Language graphics. Attackers can leverage this issue to execute arbitrary code in the...