4652 matches found
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 security update
An update for JBoss Enterprise Application Platform 6.0.1 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update
An update for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the 1 LdapLoginModule and 2 LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
PT-2013-1353 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0 through 10 Description: The issue is related to the administrator.cfc component in Adobe ColdFusion, which allows remote attackers to bypass authentication and possibly execute arbitrary code. This is achieved by...
CVE-2012-5609
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file...
pki-tps: Connection reset when performing empty certificate search in TPS
The token processing system pki-tps in Red Hat Certificate System RHCS before 8.1.3 allows remote attackers to cause a denial of service Apache httpd web server child process restart via certain unspecified empty search fields in a user certificate search query...
DEBIAN-CVE-2012-5533
The httprequestsplitvalue function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service infinite loop via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...
CVE-2012-5533
The httprequestsplitvalue function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service infinite loop via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header...
CVE-2012-4465
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via an empty username in the "Author" field in a commit...
Heap overflow
Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service crash and possibly execute arbitrary code via an empty username in the "Author" field in a commit...
CVE-2012-4395
Cross-site scripting XSS vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirecturl parameter...
DEBIAN-CVE-2012-4345
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
CVE-2012-4345
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
Scientific Linux Security Update : HelixPlayer on SL4.x i386/x86_64
Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening, viewing, or playing a malicious media file or stream, le...
icedtea-web: getvalueforurl uninitialized instance pointer
The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instancetoidmap hash is empty, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted web page, which causes an...