MiracleLinux 4 : abrt-2.0.8-26.0.1.AXS4, libreport-2.0.9-21.0.1.AXS4 (AXBA:2014-792:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2014-792:01 advisory. - LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to...

EUVD-2014-0283

Malware in sbrugna...

CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)

org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...

CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...

Cross site scripting

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...

CVE-2020-4081

In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable to cross-site scripting XSS...

CVE-2014-0245

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...

Information disclosure

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...

CVE-2014-0245

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...

CVE-2014-0245

The CVE-2014-0245 issue affects GateIn WSRP’s GTNSubjectCreatingInterceptor in gatein-wsrp, where non-thread-safe handling under high concurrency can allow an unauthenticated remote attacker to disclose privileged information when WS-Security is enabled for the WSRP Consumer, for a specific endpo...

Important: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 update

Red Hat JBoss Portal 6.2.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Code injection

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets WSRP, allows remote attackers to access restricted web resources via crafted URLs...

CVE-2006-0428

BEA WebLogic Portal 8.1 SP3–SP5 is affected by CVE-2006-0428, with exploitation via Web Services Remote Portlets (WSRP). The vulnerability allows remote attackers to access restricted web resources through crafted URLs. Based on the provided documents, the affected component is the WSRP interface...

CVE-2006-0428

Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets WSRP, allows remote attackers to access restricted web resources via crafted URLs...