58 matches found
EUVD-2010-3868
Malware in sbrugna...
EUVD-2010-3874
Malware in sbrugna...
EUVD-2010-3871
Malware in sbrugna...
EUVD-2010-3870
Malware in sbrugna...
EUVD-2010-3876
Malware in sbrugna...
EUVD-2010-3873
Malware in sbrugna...
EUVD-2010-3869
Malware in sbrugna...
EUVD-2010-3875
Malware in sbrugna...
EUVD-2010-4210
Malware in sbrugna...
Security Bulletin: IBM OmniFind Enterprise Edition and IBM Content Analytics – Oracle Critical Patch Updates February 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM OmniFind Enterprise Edition and IBM Content Analytics and products. Content The products listed below may be affected by security vulnerabilities reported by Oracle’s February 2013 Critical Patch...
IBM OmniFind Buffer Overflow Vulnerability
No description provided by source...
IBM OmniFind Privilege Escalation Vulnerability
No description provided by source...
IBM OmniFind CSRF Vulnerability
No description provided by source. The forms in the administrator interface are not protected against XSRF. The attacker can do any action in the context of the victim. An example attack scenario could be: The attacker creates a malicious website with a prepared form to add a new user, which will...
CVE-2010-3893
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID aka SID value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue...
CVE-2010-3896
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do...
CVE-2010-3892
Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID aka SID value...
CVE-2010-4236
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ESLIBRARYPATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different...
CVE-2010-3894
Stack-based buffer overflow in the JavacomibmesossCryptionNativeESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password...
CVE-2010-3897
ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive information by leveraging read access to this file...
CVE-2010-3895
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument...