6 matches found
IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution Exploit
IBM Security AppScan versions 9.0.2 and below suffer from an OLE automation array remote code execution vulnerability. #!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin:...
IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution
#!/usr/bin/python import BaseHTTPServer, socket IBM Security AppScan Standard OLE Automation Array Remote Code Execution Author: Naser Farhadi Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909 Date: 1 June 2015 Version: function runmumaa On Error Resume Next set shell=createobject"Shel...
CVE-2014-8918
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Design/Logic Flaw
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network...
IBM Security AppScan Standard Information Disclosure Vulnerability (CNVD-2015-00885)
IBM Security AppScan Standard is a set of security testing tools for Web applications from IBM in the United States. The tool automates dynamic and static security vulnerability scanning during the application development lifecycle. An information disclosure vulnerability exists in IBM Security...
CVE-2014-0904
The update process in IBM Security AppScan Standard 7.9 through 8.8 does not require integrity checks of downloaded files, which allows remote attackers to execute arbitrary code via a crafted file...