Page 19 of 95 results (0.006 seconds)

CVSS: 4.3EPSS: 1%CPEs: 20EXPL: 1

CVE-2006-2431 – IBM Websphere 6.0 - 'Faultactor' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-2431

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. • https://www.exploit-db.com/exploits/28981 http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://securitytracker.com/id?1017170 http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang= http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012163 http://ww • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 2%CPEs: 13EXPL: 0

CVE-2006-2430

https://notcve.org/view.php?id=CVE-2006-2430

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=0&dc=DB550&q1=PK16492&uid=swg1PK22416&loc=en_US&cs=utf-8&lang= http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064 http://www-1.ibm.com •

CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2006-2433

https://notcve.org/view.php?id=CVE-2006-2433

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". • http://archives.neohapsis.com/archives/bugtraq/2006-05/0175.html http://secunia.com/advisories/20032 http://securityreason.com/securityalert/910 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876 http://www-1.ibm.com/support/search.wss?rs=0&q=PK17838&apar=only http://www.vupen.com/english/advisories/2006/1736 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2006-2342

https://notcve.org/view.php?id=CVE-2006-2342

IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. • http://secunia.com/advisories/20025 http://www-1.ibm.com/support/docview.wss?uid=swg24010245 http://www.osvdb.org/25368 http://www.securityfocus.com/bid/17900 http://www.vupen.com/english/advisories/2006/1724 https://exchange.xforce.ibmcloud.com/vulnerabilities/26312 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2005-3498

https://notcve.org/view.php?id=CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. • http://securitytracker.com/id?1015134 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980 http://www-1.ibm.com/support/docview.wss?uid=swg24010781 http://www.securityfocus.com/bid/15303 http://www.vupen.com/english/advisories/2005/2291 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •