193 matches found
Low: Red Hat Security Advisory: sblim-cim-client2 security update
Updated sblim-cim-client2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...
Liferay Portal 6.0.5 / 6.0.6 Arbitrary File Download
According to its self-reported version number, the installation of Liferay Portal hosted on the remote web server is affected by an arbitrary file download vulnerability. A remote, authenticated attacker may be able to download arbitrary files using a specially crafted WebDAV request. Note that...
ajp-request NSE Script
Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal (Database Backup / auth-conf.xml Disclosure) Exploit. Product homepage: http://www.manageengine.com/products/device-expert/ File tested: ManageEngineDeviceExpert.exe Tested against:...
CentOS Update for cpp CESA-2010:0039 centos5 i386
Check for the Version of cpp OpenVAS Vulnerability Test CentOS Update for cpp CESA-2010:0039 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2009-4776
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors relate...
BEA WebLogic Admin Console Cross Site Scripting (CVE-2005-1747)
BEA WebLogic Server is an enterprise-class Java Application Server platform. WebLogic is typically used as the platform for large enterprise web applications. To reduce management complexity in large installations, WebLogic Servers are grouped into domains. A WebLogic Server domain is a logically...
CISCO IDS Manager Detection (HTTP)
Detects if CISCO IDS Manager is running on a given host and port. The IDS Device Manager is a web-based Java application that resides on the sensor and is accessed via a secure, encrypted TLS link using standard Netscape and Internet Explorer web browsers to perform various management and...
Design/Logic Flaw
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also...
CVE-2008-6830
CVE-2008-6830 affects Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers. The disconnection feature does not properly terminate a user's Web Interface session, enabling an attacker with access to the same browser instance and valid credentials to gain access to that user's Web Interfac...
Oracle BEA WebLogic IIS connector JSESSIONID Stack Buffer Overflow (CVE-2008-5457)
BEA WebLogic is a Java Application Server platform typically used as the platform for large enterprise web applications. Specifically, the vulnerability exists in the connector software for Apache HTTP server shipped with BEA WebLogic. BEA WebLogic Platform ships with a connector for Apache HTTP...
Citrix Web Interface Security Bypass Vulnerability
BUGTRAQ ID: 31943 CNCAN ID: CNCAN-2008102902 The Citrix Web Interface for Java Application Servers contains a vulnerability in which the disconnect process fails to properly terminate the user's Web Interface session. This allows other authenticated users using the same browser instance to gain unauthorized access to an existing Web Interface session. This vulnerability only affects Web Interface 5.0 and 5.0.1; older versions of Web Interface for Java Application Servers and all Web Interface versions for Microsoft IIS are not affected. Citrix Web Interface 5.0.1 Citrix Web Interface 5.0 Citrix...
dotCMS search-results.dot search_query Parameter XSS
The remote host is using dotCMS, an open source J2EE / Java web content management system. The version of dotCMS installed on the remote host fails to sanitize input to the 'searchquery' parameter of the 'search-results.dot' script before using it to generate dynamic HTML output. An attacker may ...
Java-API calls in untrusted Javascript allow network privilege escalation
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...
Buffer overflow
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by...
CVE-2007-3794
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by...
GLSA-200705-23 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-23 Sun JDK/JRE: Multiple vulnerabilities An unspecified vulnerability involving an 'incorrect use of system classes' was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reporte...
OpenCms < 6.2.2 Multiple Vulnerabilities
The remote host is running OpenCms, a Java-based content management system. According to its banner, the version of OpenCms installed on the remote host reportedly allows authenticated users to upload OpenCms modules and database import/export files, download arbitrary files, send messages to all...