CVE-2013-7105
https://notcve.org/view.php?id=CVE-2013-7105
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs."
• http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html http://www.securityfocus.com/bid/63929 http://www.securitytracker.com/id/1029398
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-2566
https://notcve.org/view.php?id=CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
• http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html http://cr.yp.to/talks/2013.03.12/slides.pdf http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://marc.info/?l=bugtraq&m=143039468003789&w=2 http://my.opera.com/securitygroup/blog/2013/03/20/on-the-precariousness-of-rc4 http://security.gentoo.org/glsa/glsa-201406-19.xml http://www.isg.rhul.ac.uk/tls http://www.mozilla.org/security/announce/2013/mfsa2013&
• CWE-326: Inadequate Encryption Strength
CVE-2010-2150
https://notcve.org/view.php?id=CVE-2010-2150
Cross-site scripting (XSS) vulnerability in Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://jvn.jp/en/jp/JVN58439007/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000021.html http://secunia.com/advisories/40029 http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html http://www.securityfocus.com/bid/40515
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2149
https://notcve.org/view.php?id=CVE-2010-2149
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified vectors.
• http://jvn.jp/en/jp/JVN36925871/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000023.html http://secunia.com/advisories/40029 http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html http://www.securityfocus.com/bid/40513
• CWE-287: Improper Authentication
CVE-2010-2151
https://notcve.org/view.php?id=CVE-2010-2151
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.
• http://jvn.jp/en/jp/JVN82465391/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000022.html http://secunia.com/advisories/40029 http://software.fujitsu.com/jp/security/vulnerabilities/jvn-36925871-58439007-82465391.html http://www.securityfocus.com/bid/40517
• CWE-352: Cross-Site Request Forgery (CSRF)