9842 matches found
CVE-2005-4804
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
CVE-2006-2429
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
CVE-2006-2431
Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port 8880/tcp in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is...
CVE-2006-2433
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console"...
CVE-2006-2432
IBM WebSphere Application Server 5.0.2 or any earlier cumulative fix and 5.1.1 or any earlier cumulative fix allows EJB access on Solaris systems via a crafted LTPA token...
Design/Logic Flaw
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...
Code injection
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console"...
Code injection
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...
CVE-2006-2433
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console"...
CVE-2006-2436
WebSphere Application Server 5.0.2 (or earlier cumulative fixes) stores admin and LDAP passwords in plaintext in FFDC logs following failed logins, enabling privilege escalation if logs are accessed. The underlying cause is plaintext credential logging in FFDC. Affected component: WebSphere Appli...
CVE-2006-2435
Technical details for CVE-2006-2435 are not publicly disclosed in the provided documents; the records only reiterate an unspecified vulnerability in IBM WebSphere Server with potential script-injection in URLs. Monitor for updates in connected sources.
CVE-2006-2433
Technical details for CVE-2006-2433 are not publicly available in the provided documents; no affected product, vulnerable component, impact, or remediation is specified here. Monitor for updates.
CVE-2006-2432
CVE-2006-2432 affects IBM WebSphere Application Server 5.0.2 (and earlier cumulative fixes) and 5.1.1 (and earlier cumulative fixes); on Solaris, a crafted LTPA token enables EJB access. The NVD entry assigns a CVSSv2 base score of 7.5 (HIGH) with network attack vector, low attack complexity, and...
CVE-2006-2429
Technical details are not publicly available in the provided connected documents; the CVE entry content remains the same as the initial description. Monitor for updates.
CVE-2006-2431
Summary: The CVE-2006-2431 issue is a cross-site scripting (XSS) vulnerability in the IBM WebSphere Application Server SOAP connector error page. Affected versions: WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7. Component and cause: The vulnerabili...
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...