Pandora FMS 路径遍历漏洞

Pandora FMS is a monitoring system from Pandora FMS, USA. The system monitors networks, servers, virtual infrastructures, applications, etc. through visualization. A security vulnerability exists in Pandora FMS versions 700 through prior to 777.3 that stems from a post-authentication arbitrary fi...

Security Bulletin: IBM HTTP Server is vulnerable to HTTP request splitting due to the included Apache HTTP Server (CVE-2023-25690)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP request splitting when using modproxy or the Web Server Plug-in due to the included Apache HTTP Server. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION...

Important: Red Hat Security Advisory: slapi-nis security and bug fix update

An update for slapi-nis is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Design/Logic Flaw

The Web Server Plug-in in IBM WebSphere Application Server WAS 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...

CVE-2012-2162

The Web Server Plug-in in IBM WebSphere Application Server WAS 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a...

CVE-2009-1016

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the...

Stack overflow

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote authenticated users to affect confidentiality, integrity, and availability, related to IIS. NOTE: the previous information was obtained from the...

IBM多个产品未明信任书伪造漏洞

IBM包含多系列产品，如IBM Tivoli，IBM WebSphere等。 IBM多个产品存在信任书伪造问题，远程攻击者可以利用这个漏洞访问资源和数据或可能控制应用程序。 目前报告此问题可以使攻击者利用COOKIE或伪造其他信任用户未授权访问资源，目前没有详细漏洞细节提供。 IBM Tivoli Access Manager for e-business 5.1 IBM Tivoli Access Manager for e-business 4.1 IBM Tivoli Access Manager for e-business 3.9 IBM Tivoli Access Manag...

[Full-disclosure] VSR Advisory: IBM Tivoli Access Manager - Web Server Plug-in File Retrieval Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Remote Directory Traversal and File Retrieval Release Date: 2006-02-03...