EUVD-2015-1958

Malware in sbrugna...

The vulnerability of the database update module of the Engineering Data and Product Lifecycle Management System LOCMAN:PLM, related to unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.

The vulnerability of the Active Business Process Automation Module of LOCsMAN WorkFlow Audit Service is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll library e.g., msimg32.dll in the...

The vulnerability of the application loading optimization service for servers in enterprises with a large number of users lies in the “Balancing Service” of the Engineering Data Management and Product Lifecycle system LOCMAN:PLM. This service allows unauthorized users to execute arbitrary code due to the unlimited loading of dangerous files.

The vulnerability of the application loading optimization service for servers in enterprises with a large number of users is related to unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing DLL libraries such as DNSAPI.dll in...

CVE-2018-1902

CVE-2018-1902 is a spoofing vulnerability in IBM WebSphere Application Server. The Connected IBM bulletins show it affects WebSphere AS in multiple IBM products (e.g., Tivoli Netcool/Netcool Configuration Manager, Tivoli System Automation Application Manager, Tivoli Storage/Spectrum Control, IBM ...

Cross-site Scripting (XSS)

appserver-io/http is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitze user input, allowing a malicious user to inject and execute arbitrary webscript...

Directory Traversal

appserver-io/http is vulnerable to directory traversal attacks. Attackers are able to access file outside of the intended directory by using .. within a URL...

Appserver Directory Traversal Vulnerability

Appserver is a multi-threaded application server written in PHP. A directory traversal vulnerability exists in the Web request/response interface in versions of Appserver prior to 1.0.3. A remote attacker can leverage a specially crafted URL in the '...' in a specially crafted URL to read...

CVE-2015-1847

Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. dot dot in a crafted URL...

CVE-2015-1847

CVE-2015-1847 concerns a directory traversal in the Appserver web request/response interface. The vulnerability affects Appserver versions before 1.0.3, allowing remote attackers to read normally inaccessible files by inserting a “..” in a crafted URL. Multiple sources (NVD, OpenVAS entry, CNVD/P...