9874 matches found
CVE-2006-3713
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2006-3707
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln AS02...
Moderate: Red Hat Security Advisory: tomcat security update for Red Hat Application Server
An updated Tomcat package that fixes multiple security issues is now available for Red Hat Application Server. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies...
CVE-2006-3232
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."...
CVE-2006-3231
Unspecified vulnerability in IBM WebSphere Application Server WAS before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."...
CVE-2006-3232
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."...
CVE-2006-3231
IBM WebSphere Application Server (WAS) prior to 6.0.2.11 is affected when fileServingEnabled is true. An attacker can remotely obtain JSP source code and other sensitive information through URIs with special characters. The impact is partial confidentiality. Remediation: upgrade WAS to version 6....
CVE-2006-3232
CVE-2006-3232 affects IBM WebSphere Application Server prior to 6.0.2.11. The vulnerability is described as unspecified with unknown impact and attack vectors, caused by the "UserNameToken cache was improperly used." The provided documents do not specify the exact root cause details beyond this c...
CVE-2006-3225
Cross-site scripting XSS vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors...
CVE-2006-3225
CVE-2006-3225 describes a cross-site scripting (XSS) vulnerability affecting Sun ONE Application Server 7 before Update 9, Java System Application Server 7 (2004Q2) before Update 5, and Java System Application Server Enterprise Edition 8.1 (2005 Q1). The issue allows remote attackers to inject ar...
CVE-2005-4804
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications...
CVE-2005-4805
Technical details about CVE-2005-4805 are not publicly available in the provided documents; no specifics on affected product versions, vectors, or fixes are provided. Monitor for updates.
CVE-2005-4804
Technical details about CVE-2005-4804 are not publicly available in the provided documents. Monitor for updates.
Cross site scripting
Cross-site scripting XSS vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and...
CVE-2006-2501
CVE-2006-2501 describes a cross-site scripting (XSS) vulnerability in multiple Sun web/server products (Sun ONE Web Server 6.0 SP9 and earlier; Sun Java System Web Server 6.1 SP4 and earlier; Sun ONE Application Server 7 Update 6 and earlier; Java System Application Server 7 2004Q2 Update 2 and e...
CVE-2006-2429
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers"...
Code injection
WebSphere Application Server 5.0.2 or any earlier cumulative fix stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges...
Code injection
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console"...
CVE-2006-2433
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console"...
CVE-2006-2432
IBM WebSphere Application Server 5.0.2 or any earlier cumulative fix and 5.1.1 or any earlier cumulative fix allows EJB access on Solaris systems via a crafted LTPA token...