19 matches found
PT-2023-6189 · Oracle +8 · Oracle Mysql Server +8
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.34 and prior; Oracle MySQL Server version 8.1.0. Description: The issue is related to insufficient input validation in the InnoDB component of Oracle MySQL Server, allowing a high-privileged attacker with networ...
Security Bulletin: IBM Storage Protect is vulnerable to exposure of sensitive information due to Java Technology Edition (CVE-2023-30441)
Summary: Java Technology is used by IBM Storage Protect in many functions. It may be exposed to this vulnerability. Vulnerability Details: CVEID: CVE-2023-30441. DESCRIPTION: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitiv...
CVE-2018-1788
IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873...
Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Forms Server (CVE-2016-3092)
Summary: An Apache Commons FileUpload vulnerability for handling string edge case was addressed by IBM Forms Server. Vulnerability Details: CVEID: CVE-2016-3092. DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...
KLA10359 Vulnerability in Tableau
An obsolete version of OpenSSL was found in Tableau. By exploiting this vulnerability malicious users can cause denial of service, obtain sensitive information and bypass security. This vulnerability can be exploited remotely. Original advisories Tableau changelog Exploitation Public exploits exi...
CVE-2012-4819
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4240
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors...
Code injection
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...
Design/Logic Flaw
BEA WebLogic Server 8.1 through 8.1 SP4 does not properly validate client certificates when reusing cached connections, which allows remote attackers to obtain access via an untrusted X.509 certificate...
CVE-2007-0425
BEA WebLogic Platform/Server 8.1–8.1 SP5 and JRockit 1.4.2 R4.5 and earlier are affected by an unspecified vulnerability related to an overflow condition (likely a buffer overflow) that could allow attackers to gain privileges via unspecified vectors. The connected sources confirm the affected pr...
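BEA JRockit Java Virtual Machine unspecified stack buffer overflow vulnerability
The BEA JRockit JDK provides a variety of tools, utilities, and a complete runtime environment for developing and running applications written in the Java language. BEA JRockit has an overflow issue under special circumstances; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application process. No detailed vulnerability information is currently available. BEA WebLogic Server 8.1 BEA WebLogic Platform 8.1 BEA WebLogic Express 8.1 BEA JRockit 1.4.205 Patch download: BEA WebLogic Server 8.1 BEA WebLogic Server...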
Design/Logic Flaw
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges...
CVE-2006-2546
CVE-2006-2546 affects BEA WebLogic Server 8.1. A recommended admin password reset mechanism used before 2005-10-10 results in the administrator password being stored in cleartext in the domain directory, which could allow an attacker with access to the domain directory to gain privileges. Connect...
CVE-2006-2468
Vulnerability details for CVE-2006-2468 show that BEA WebLogic Server Administration Console exposes the domain name in the login form for BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6. The underlying issue is information disclosure in the Console login interface, which can allow remote att...
CVE-2003-1222
CVE-2003-1222 affects BEA WebLogic Express/Server 8.0–8.1 SP1 when using a foreign JMS provider. The underlying issue is that the system echoes the foreign provider password to the console and stores it in cleartext in config.xml, enabling an attacker to obtain the password. The description does ...
BEA05-V0101.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BEA WebLogic Administration Console login page cross-site scripting vulnerability AppSecInc Team SHATTER Security Advisory BEA05-V0101 http://www.appsecinc.com/resources/alerts/general/BEA-002.html May 27, 2005 Affected versions: BEA WebLogic Server 7...
CVE-2004-0712
BEA WebLogic Server 8.1 through SP2: The configuration tools (Unix config.sh and Windows config.cmd) create a log file that stores the administrative username and password in cleartext, enabling local privilege escalation. Affected component: WebLogic Server configuration tooling. Root cause: cre...