EUVD-2009-1895

Malware in sbrugna...

EUVD-2009-1894

Malware in sbrugna...

Apollo has potential access control security issue in eureka

Impact If users expose the apollo-configservice to the internet which is not recommended, there are potential security issues since there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and...

CVE-2023-25570

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

CVE-2023-25570 Apollo has potential access control security issue in eureka

Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...

Apollo 访问控制错误漏洞

Apollo is a set of PHP scripts by Alex Breen, an individual developer. It is intended to provide a web-based interface for students to upload coursework. A security vulnerability exists in Apollo versions prior to 2.1.0 that stems from not enabling authentication for the built-in eureka service,...

WebSphere 7.0.0.5 的Administrative Configservice API导致信息泄露漏洞

No description provided by source...

Design/Logic Flaw

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting...

Code injection

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...

CVE-2009-1899

Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via...

CVE-2009-1900

The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server WAS 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting...

CVE-2009-1900

The CVE-2009-1900 issue affects IBM WebSphere Application Server’s Administrative Console Configservice APIs. When tracing is enabled, the wsadmin scripting interface could leak sensitive information to remote attackers. Affected products/versions include WAS 6.0.2 before 6.0.2.35, WAS 6.1 before...

IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities

IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - A login using the LPTAToken cookie may result in extending LTPAToken expiration...