32 matches found
EUVD-2012-0225
Malware in sbrugna...
EUVD-2012-0224
Malware in sbrugna...
EUVD-2012-0229
Malware in sbrugna...
IBM Lotus Expeditor 6.1 - URI Handler Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28926/info IBM Lotus Expeditor is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the...
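IBM Lotus Expeditor Request Header Spoofing Security Restriction Bypass Vulnerability
BUGTRAQ ID: 54163 CVE ID: CVE-2012-0191 IBM Lotus Expeditor, formerly named IBM WebSphere Everyplace Deployment, is a managed client for creating, deploying and maintaining various applications. The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, resulting in a security restriction bypass vulnerability in the implementation that allows remote attackers to bypass certain security restrictions via crafted request headers. 0 IBM Lotus Expeditor Vendor patch: IBM ---...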
CVE-2012-0191
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers...
CVE-2012-0187
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory...
CVE-2012-0186
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL...
Design/Logic Flaw
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory...
Directory traversal
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL...
Design/Logic Flaw
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers...
CVE-2012-0187
Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory...
CVE-2012-0186
Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL...
CVE-2012-0186
Summary: CVE-2012-0186 is a directory traversal vulnerability in the Eclipse Help component of IBM Sales Center for WebSphere Commerce (V6.0 and V7.0). The root cause is improper handling of crafted URLs that disclose private file locations. Impact: exposes file locations via remote requests; CVS...
CVE-2012-0191
The CVE concerns IBM Lotus Expeditor Web container in versions 6.1.x and 6.2.x prior to 6.2 FP5+Security Pack, where access control is mis-implemented, enabling remote attackers to spoof a localhost request origin via crafted headers. This is a remote authentication/authorization bypass affecting...
CVE-2012-0191
The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers...
CVE-2012-0187
CVE-2012-0187 affects IBM Lotus Expeditor 6.1.x and 6.2.x prior to 6.2 FP5+Security Pack. The issue is an untrusted search path that lets local users gain privileges via a Trojan horse DLL in the current working directory. Remediation (from the sources) is to apply the 6.2 FP5+Security Pack (or l...
JVN#97334690: IBM Lotus vulnerable to denial-of-service (DoS)
IBM Lotus product line contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). Impact: A remote attacker may cause a denial-of-service (DoS). Solution: Apply a patch. Apply the appropriate patch according to the information provided by the developer. Products...
IBM Lotus Expeditor cai URI Handler Command Execution (CVE-2008-1965)
IBM Lotus Expeditor is a software framework for the development, integration and deployment of client applications. The framework includes components that run on desktop computers, handheld devices, and management servers. There exists a buffer overflow vulnerability in IBM Lotus Symphony and Lotus...
Lotus Expeditor cai URI handler command injection
Added: 06/20/2008. CVE: CVE-2008-1965. BID: 28926. OSVDB: 44868. Background: Lotus Expeditor is a desktop integration framework used by Lotus products including Lotus Symphony. Problem: Lotus Expeditor registers a handler for cai: URIs which passes arbitrary arguments to rcplauncher.exe. This allows...