38 matches found
EUVD-2012-3483
Malware in sbrugna...
EUVD-2013-0333
Malware in sbrugna...
EUVD-2014-0283
Malware in sbrugna...
EUVD-2013-0332
Malware in sbrugna...
EUVD-2013-4301
Malware in sbrugna...
EUVD-2012-5423
Malware in sbrugna...
CVE-2014-0245
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...
Information disclosure
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...
CVE-2014-0245
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...
CVE-2014-0245
The CVE-2014-0245 issue affects GateIn WSRP’s GTNSubjectCreatingInterceptor in gatein-wsrp, where non-thread-safe handling under high concurrency can allow an unauthenticated remote attacker to disclose privileged information when WS-Security is enabled for the WSRP Consumer, for a specific endpo...
Important: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 update
Red Hat JBoss Portal 6.2.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Red Hat JBoss Enterprise Application Platform 6.1.0 Security Update (RHSA-2013:1843)
The version of JBoss Enterprise Application Platform running on the remote system is affected by multiple cross-site scripting flaws in the GateIn Portal component. This could allow a remote attacker to manipulate a logged-in user into visiting a specially crafted URL, thereby executing an...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4424
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2013-4424
CVE-2013-4424 affects Red Hat JBoss Portal 6.1.0 (GateIn Portal component). The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially leading to arbitrary script execution in ...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.0 security update
An update for the GateIn Portal component in Red Hat JBoss Portal 6.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
GateIn: XSS due to improper URL escaping
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GateIn: JGroups configurations enable diagnostics without authentication
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service...
JBoss Enterprise Portal Platform GateIn Portal Security Update (RHSA-2013-0613)
Binary data redhat-RHSA-2013-0613.nbin...
CVE-2013-0315
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack...