9843 matches found
SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2006-011 Advisory Title: JBoss Java Class DeploymentFileRepository Directory Traversal Author: Oliver Karow / [email protected] Release Date:...
CVE-2006-5750
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...
CVE-2006-5750
CVE-2006-5750 affects JBoss Application Server (jbossas) versions 3.2.4 through 4.0.5, where the DeploymentFileRepository class (used by the web console/JMX console) can be abused to read or modify arbitrary files and potentially execute code. The root cause is a directory traversal flaw in the D...
security flaw
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...
CVE-2006-6011
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785...
CVE-2006-6011
CVE-2006-6011 relates to an unspecified vulnerability in SAP Web Application Server that can be exploited remotely to cause a denial of service (enserver.exe crash) via a 0x72F2 UDP sequence on port 64999. Affected: SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66. Remedi...
Apache Struts Error Response Cross-Site Scripting Vulnerability
Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
IBM WebSphere Application Server SOAP Connector Error Page XSS
The remote SOAP server fails to sanitize user input via the URI before using it to generate dynamic XML content in an error page. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary XML into a user's browser. %NASLMINLEVEL 70300 C Tenable Network Security,...
IBM WebSphere Application Server '%20' Request Source Disclosure
It is possible to make the remote web server disclose the source code of its JSP pages by requesting the .jsp file with a '%20' appended to the request. An attacker may use this flaw to get the source code of your CGIs and possibly to obtain passwords and other relevant information about this hos...
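Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
Microsoft Windows is prone to a local privilege-escalation vulnerability because of a flaw in which GDI kernel data structures can be remapped as read-write by other processes. An attacker may exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. Successful exploitation may result in the complete compromise of affected computers. Failed attempts may result in a denial of service. Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft...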
CVE-2006-5784
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to...
CVE-2006-5785
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999...
CVE-2006-5784
CVE-2006-5784 affects SAP Web Application Server 6.40 (before patch 136) and 7.00 (before patch 66), specifically enserver.exe. The vulnerability allows remote attackers to read arbitrary files by sending crafted data to a TCP port in the 3200+SYSNR range, demonstrated via port 3201. Additionally...
CVE-2006-5785
SAP Web Application Server is affected by CVE-2006-5785. The issue allows remote denial of service (enserver.exe crash) on UDP port 64999 via a 0x72F2 sequence for SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66. The vulnerability is confirmed in the NVD entry for CVE-20...
Sun-One Application Server Version Detection
Binary data 3809.prm...
Solaris 5.9 (x86) : 117874-02
Application Server 7.1x86: Load Balancing Plugin. Date this patch was last updated by Sun : Feb/27/06 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if ...
Solaris 5.9 (sparc) : 117875-05
Application Server 7.1: Proxy Plugin Patch. Date this patch was last updated by Sun : Feb/27/06 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.8 (sparc) : 117875-05
Application Server 7.1: Proxy Plugin Patch. Date this patch was last updated by Sun : Feb/27/06 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.9 (x86) : 117882-02
Application Server 7.1x86: Java API for XML Parsing 1.2 Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network...