222 matches found
EUVD-2022-1896
Malicious code in bioql PyPI...
EUVD-2022-2731
Malicious code in bioql PyPI...
EUVD-2022-5659
Malicious code in bioql PyPI...
EUVD-2022-3150
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-14721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the...
Linux Distros Unpatched Vulnerability : CVE-2018-19360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from...
Apache Axis2 Brute Force Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/loginscanner/axis2' require 'metasploit/framework/credentialcollection' class MetasploitModule 'Apache Axis2 Brute Force Utility',...
Apache Axis2 1.4.1 Local File Inclusion
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Axis2 v1.4.1 Local File Inclusion', 'Description' = %q This module exploits an Apache Axis2 v1.4.1 local file inclusion LFI vulnerability...
org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (>=1.2.0 <=1.3.0) +3 more potentially affected by CVE-2022-41678 via org.apache.activemq:apache-activemq (>=4.1.1 <=5.0.0)
org.apache.activemq:apache-activemq MAVEN version =4.1.1, =1.2.0, =1.1.0, =1.3.0 - org.apache.camel:camel-example-spring =1.2.0 - org.apache.camel:camel-example-spring-xquery =1.3.0 Source cves: CVE-2022-41678 Source advisory: OSV:GHSA-53V4-42FG-G287...
VulnCheck KEV: CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service...
SUSE CVE-2010-2103
Cross-site scripting XSS vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...
SUSE CVE-2012-4418
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
SUSE CVE-2012-5351
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418...
SUSE CVE-2018-14721
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery SSRF attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization...
SUSE CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization...
Security Bulletin: IBM SPSS Modeler Premium - Text Analytics SSL Spoofing (CVE-2012-5785)
Abstract Last updated on December 11, 2012. When using the Text Analytics Server from the IBM SPSS Modeler Premium product with the SSL option enabled default is disabled, then an SSL connection can be established without verifying the hostname of the target connection against the name on the SSL...
Security Bulletin: Apache Axis2 related vulnerability for IBM Tivoli Directory Integrator (CVE-2012-5785)
Abstract Apache Axis2 SSL vulnerability for IBM Tivoli Directory Integrator Content VULNERABILITY DETAILS: DESCRIPTION: Axis2 implemented in Java is vulnerable to man-in-the-middle attacks. By extension, all applications using this library to establish SSL connections with the target servers may ...
Security Bulletin: InfoSphere Guardium Data Redaction affected by SSL vulnerability in Apache Axis2 (CVE-2012-5785)
Abstract An SSL vulnerability exists in Apache Axis which is used by InfoSphere Guardium Data Redaction to process HTTPS requests from the Redaction SOAP API . Content VULNERABILITY DETAILS: CVE ID: CVE-2012-5785 DESCRIPTION: Apache Axis2/Java, as used in multiple products, could allow a remote...
Apache Axis2 Vulnerable to XML Signature wrapping attack
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
com.google.api-ads:common-axis2 (=0.1.0), com.google.code.magja:magja (>=0.0.1 <=0.0.3) +16 more potentially affected by CVE-2012-4418 via org.apache.axis2:axis2 (>=1.2 <=1.7.8)
org.apache.axis2:axis2 MAVEN version =1.2, =0.0.1, =2.8.28, =0.13.0, =0.13.0, =3.3, =3.3, =0.9, =0.11 and more Source cves: CVE-2012-4418 Source advisory: OSV:GHSA-88R4-38GC-97P4...