143 matches found
Oracle Fusion WebLogic Server Component WLS-Console Management Interface Unspecified XSS
The version of the WebLogic component on Oracle Middleware installed on the remote Windows host is affected an unspecified cross-site scripting vulnerability related to WLS-Console. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the...
[Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-015: SAP WebAS webrfc Cross-Site Scripting This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
HP Universal CMDB Server Axis2 default password
Added: 02/22/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background HP Universal CMDB Server 9.0 is a modular management system that consists of a rich business-service-oriented data model with built-in discovery of configuration items CIs and configuration item dependencies, visualization an...
CA ARCserve D2D Axis2 default password
Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...
CA ARCserve D2D Axis2 default password
Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...
CA ARCserve D2D Axis2 default password
Added: 01/26/2011 CVE: CVE-2010-0219 BID: 45625 OSVDB: 70233 Background CA ARCserve D2D is a disk-based backup solution. Problem CA ARCserve D2D deploys Axis2 with default credentials which can be used to gain unauthorized access to the web application server. By then uploading a specially crafte...
Design/Logic Flaw
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service Management Console shutdown via a crafted request. NOTE: some of the...
CVE-2009-4603
Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, 7.00, 7.01, 7.10, 7.11, and 7.20, as used in SAP NetWeaver 7.x and SAP Web Application Server 6.x and 7.x, allows remote attackers to cause a denial of service Management Console shutdown via a crafted request. NOTE: some of the...
[SECURITY] [DSA 1863-1] New zope2.10/zope2.9 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA-1863-1 [email protected] http://www.debian.org/security/ Nico Golde August 15th, 2009 http://www.debian.org/security/faq -...
DSA-1863-1 zope2.10 zope2.9 - arbitrary code execution
Bulletin has no description...
Fwd: TmaxSoft JEUS Alternate Data Streams Vulnerability
Dear bugtraq, Thanks for your concern. I saw BID 32804. It is one incorrect information. Tmax Soft JEUS 5 Fix26 is not vulnerable. The vendor informs that users upgrade to this versionFix 26. Please change this information. Sincerely, Simon ---------- Forwarded message ---------- From: Simon Ryeo...
TmaxSoft JEUS - Alternate Data Streams File Disclosure
TmaxSoft JEUS - Alternate Data Streams File Disclosure Title: TmaxSoft JEUS Alternate Data Streams Vulnerability Author: Simon Ryeobar4mi at gmail Severity: High Impact: Remote File Disclosure Vulnerable Version: JEUS 5: Fix26 on NTFS References: -...
TmaxSoft JEUS - Alternate Data Streams File Disclosure
Title: TmaxSoft JEUS Alternate Data Streams Vulnerability Author: Simon Ryeobar4mi at gmail Severity: High Impact: Remote File Disclosure Vulnerable Version: JEUS 5: Fix26 on NTFS References: - http://www.microsoft.com/technet/security/bulletin/ms98-003.mspx - http://www.tmaxsoft.com -...
TmaxSoft JEUS Alternate Data Streams Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: TmaxSoft JEUS Alternate Data Streams Vulnerability Author: Simon Ryeobar4mi at gmail Severity: High Impact: Remote File Disclosure Vulnerable Version: JEUS 5: Fix26 on NTFS References: -...
TmaxSoft JEUS Alternate Data Streams File Disclosure Vulnerability
Exploit for unknown platform in category remote exploits ================================================================== TmaxSoft JEUS Alternate Data Streams File Disclosure Vulnerability ================================================================== Title: TmaxSoft JEUS Alternate Data...
Cross site scripting
Cross-site scripting XSS vulnerability in the Web GUI in SAP Web Application Server WAS 7.0, Web Dynpro for ABAP aka WD4A or WDA, and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
Cross-site scripting XSS vulnerability in the Web GUI in SAP Web Application Server WAS 7.0, Web Dynpro for ABAP aka WD4A or WDA, and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2421
CVE-2008-2421 concerns a Cross-site Scripting (XSS) vulnerability in the Web GUI of SAP Web Application Server (WAS) 7.0, affecting Web Dynpro for ABAP (WD4A/WDA) and Web Dynpro for BSP. The issue allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to the default URI unde...
DSECRG-08-023.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...