CVE-2010-2635
https://notcve.org/view.php?id=CVE-2010-2635
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." Vulnerabilidad de inyección SQL en IBM WebSphere Commerce 6.0 anterior v6.0.0.10 permite a usuarios autenticados remotamente ejecutar comandos SQL de su elección a través de parámetros no especificados en "páginas Commerce Organization Admin Console JavaServer ." • http://www-01.ibm.com/support/docview.wss?uid=swg1IZ73130 https://exchange.xforce.ibmcloud.com/vulnerabilities/62951 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-0786
https://notcve.org/view.php?id=CVE-2010-0786
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. El componente Web Services Security en IBM WebSphere Application Server (WAS) v7.0 anteiror v7.0.0.13 no implementa adecuadamente la API Java para los Web Services XML (también conocido como JAX-WS), lo que permite a atacantes remotos causar una denegación de servicio (corrupción de datos) a través de una petición JAX-WS manipulada que provoca datos codificados incorrectamente. • http://www-01.ibm.com/support/docview.wss?uid=swg1PM13777 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 https://exchange.xforce.ibmcloud.com/vulnerabilities/62950 • CWE-20: Improper Input Validation •
CVE-2010-0785
https://notcve.org/view.php?id=CVE-2010-0785
Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados en IBM WebSphere Application Server (WAS) v6.1 anterior a v6.1.0.35 y v7.0 y v7.0.0.13, permite a atacantes remotos secuestrar la autenticación de víctimas sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/41722 http://www-01.ibm.com/support/docview.wss?uid=swg1PM18909 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.securityfocus.com/bid/43875 http://www.vupen.com/english/advisories/2010/2595 https://exchange.xforce.ibmcloud.com/vulnerabilities/62949 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2010-0783
https://notcve.org/view.php?id=CVE-2010-0783
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la consola administrativa en IBM WebSphere Application Server (WAS) v6.1 anterio v6.1.0.35 y v7.0 anteior v7.0.0.13 permite a atacantes remotos inyecatar código web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/41722 http://secunia.com/advisories/42136 http://securitytracker.com/id?1024686 http://www-01.ibm.com/support/docview.wss?uid=swg1PM14251 http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www.osvdb.org/69007 https://exchange.xforce.ibmcloud.com/vulnerabilities/62947 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4219
https://notcve.org/view.php?id=CVE-2010-4219
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados en SemanticTagService.js en IBM WebSphere Portal v6.1.0.1 permite a atacantes remotos inyecatar código web o HTML a través de vectores no especificados. NOTA: NOTA: algunos de estos detalles han sido obtenidos de terceras partes. • http://www-01.ibm.com/support/docview.wss?uid=swg1PK91972 http://www.vupen.com/english/advisories/2010/2827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •