31 matches found
EUVD-2020-26263
Malware in sbrugna...
EUVD-2010-0800
Malware in sbrugna...
EUVD-2009-1172
Malware in sbrugna...
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
Design/Logic Flaw
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
CVE-2020-5016
CVE-2020-5016 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. A directory traversal vulnerability could allow a remote attacker to view arbitrary XML files when application security is disabled and JAX-RPC applications are present; it does not occur if application security is ena...
CVE-2020-5016
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to vi...
Potential security vulnerability with IBM WebSphere Application Server
Abstract Security Bulletin: Asset and Service Management Products - Potential security exposure when using WS-Security, with either JAX-WS or JAX-RPC, resulting in a user gaining elevated privileges CVE-2011-1377. Content VULNERABILITY DETAILS: CVE ID: CVE-2011-1377 DESCRIPTION: Websphere...
Security Bulletin: Possible security exposure with WebSphere Application Server with WS-Security enabled applications using LTPA tokens (PM43585/PM43792/PM45181)
Summary There is a possible security exposure when using WS-Security resulting in a user gaining elevated privileges. This impacts applications using either JAX-WS and JAX-RPC. Vulnerability Details WebSphere Application Server could provide weaker than expected security when using web services...
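IBM WebSphere Application Server for z/OS JAX-RPC Remote Security Vulnerability
BUGTRAQ ID: 52250 CVE ID: CVE-2012-0199 IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards such as Java EE, XML and Web Services. Compatible web servers include Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS) and IBM HTTP Server. IBM WebSphere Application Server for...
IBM WebSphere Application Server z/OS Cross-Site Scripting and Unspecified Vulnerabilities
IBM WebSphere Application Server (WAS) is an application server developed and released by IBM in accordance with open standards such as Java EE, XML and Web Services. IBM WebSphere Application Server for z/OS contains security vulnerabilities that allow attackers to conduct cross-site scripting and other attacks. (1) A WSEC5007E error occurs when loading classes with JAX-RPC SW-Security. (2) Unspecified input passed to the web messaging component is not filtered before being returned to the user, which can lead to cross-site scripting attacks and allow sensitive information to be obtained or user sessions to be hijacked. 0 IBM WebSphere Application Server for z/OS...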
IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...
IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 17 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
The host is running IBM WebSphere Application Server and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbibmwasxmlencryptioninfodisclosurevuln.nasl 7006 2017-08-25 11:51:20Z teissa $ IBM WebSphere Application Server WS-Security XML Encryption Weakness...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2011-1209
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption...
CVE-2011-1209
CVE-2011-1209 affects IBM WebSphere Application Server: WAS 6.1 before 6.1.0.39 and WAS 7.0 before 7.0.0.17 use a weak WS-Security XML encryption algorithm, enabling a remote decryption attack to obtain plaintext data from JAX-RPC/JAX-WS requests. Exploitation details/vectors are not specified in...