25 matches found
EUVD-2003-0617
Malware in sbrugna...
EUVD-2007-5551
Malware in sbrugna...
EUVD-2001-1457
Malware in sbrugna...
EUVD-2003-0615
Malware in sbrugna...
EUVD-2003-0616
Malware in sbrugna...
BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8931/info A vulnerability has reported to exist in BEA Tuxedo and WebLogic Enterprise due to Tuxedo administration console. The script is reported to accept various initialization arguments such as INIFILE that are not...
Command injection
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the 1 cnsbind, 2 cnsunbind, or 3 cnsls commands...
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the 1 cnsbind, 2 cnsunbind, or 3 cnsls commands...
CVE-2007-5576
BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic Enterprise 5.1 before RP174, echo the password in cleartext, which allows physically proximate attackers to obtain sensitive information via the 1 cnsbind, 2 cnsunbind, or 3 cnsls commands...
CVE-2007-5576
BEA Tuxedo 8.0 prior to RP392 and 8.1 prior to RP293, and WebLogic Enterprise 5.1 prior to RP174, disclose passwords in cleartext via local commands (cnsbind, cnsunbind, cnsls), enabling physically proximate attackers to obtain sensitive information. Affected components: password handling in the ...
CVE-2001-1477
BEA Tuxedo 7.1 Domain gateway is vulnerable: it does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, allowing access to remote-domain services. The issue is described across multiple records (NVD/CVE and CVE listing). No remediation d...
CVE-2001-1477
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain...
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service hang via pathname arguments that contain MS-DOS device names such as CON and AUX...
CVE-2003-0621
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument...
CVE-2003-0623
Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...
[NT] BEA Tuxedo Administration CGI Multiple Argument Issues
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2003-0622
CVE-2003-0622 affects BEA Tuxedo Admin Console (versions 8.1 and earlier). The vulnerability allows remote attackers to cause a denial of service (hang) by sending pathname arguments containing MS-DOS device names (e.g., CON, AUX). The provided documents confirm the affected product/version and t...
CVE-2003-0622
The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service hang via pathname arguments that contain MS-DOS device names such as CON and AUX...
CVE-2003-0623
Cross-site scripting XSS vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument...
CVE-2003-0621
CVE-2003-0621 affects the BEA Tuxedo Administration Console (8.1 and earlier). The vulnerability arises from the INIFILE argument, where modified paths can cause directory traversal to reveal files outside the web root. Impact is information disclosure; the description does not confirm exploit de...