Page 30 of 207 results (0.024 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1

Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure. Una vulnerabilidad de tipo cross-site scripting (XSS) en Servlet Engine / Web Container en IBM WebSphere Application Server (WAS) versiones 5.1.1.4 hasta 5.1.1.1.16, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del encabezado HTTP Expect. NOTA: este podría ser el mismo problema que el CVE-2006-3918, pero no hay detalles suficientes para estar seguros. • https://www.exploit-db.com/exploits/30768 http://osvdb.org/38700 http://secunia.com/advisories/27674 http://www-1.ibm.com/support/docview.wss?uid=swg1PK51068 http://www-1.ibm.com/support/docview.wss?uid=swg24017314 http://www.securityfocus.com/bid/26457 http://www.securitytracker.com/id?1018963 http://www.vupen.com/english/advisories/2007/3680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to perform some actions as WAS UDDI users via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades en la falsificación de petición en sitios cruzados (CSRF) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicaciones WebSphere de IBM (WAS) anterior al 6.1.0 con el parche 13 (6.1.0.13) permiten a atacantes remotos llevar a cabo algunas acciones como usuarios WAS UDDI a través de los parámetros (1) keyField, (2) nameField, (3) valueField y (4) frameReturn. • http://osvdb.org/41619 http://secunia.com/advisories/27448 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 https://exchange.xforce.ibmcloud.com/vulnerabilities/38179 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el uddigui/navigateTree.do de la consola de usuario UDDI en el Servidor de Aplicaciones WebSphere de IBM (WAS) anterior al 6.1.0 con el parche 13 (6.1.0.13) permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de los parámetros (1) keyField, (2) nameField, (3) valueField y (4) frameReturn. • http://osvdb.org/41618 http://secunia.com/advisories/27448 http://www-1.ibm.com/support/docview.wss?uid=swg1PK50245 http://www.securityfocus.com/bid/26276 http://www.securitytracker.com/id?1018884 http://www.vupen.com/english/advisories/2007/3672 https://exchange.xforce.ibmcloud.com/vulnerabilities/38177 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0

Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors. Vulnerabilidad no especificada en Administrative Scripting Tools (como wsadmin o ANT) en IBM WebSphere Application Server 5.x y 6.0.x tienen un impacto desconocido y vectores de ataque. • http://secunia.com/advisories/27249 http://www-1.ibm.com/support/docview.wss?uid=swg27006876#60223 http://www-1.ibm.com/support/docview.wss?uid=swg27006879#51116 http://www-1.ibm.com/support/search.wss?rs=0&q=PK45726&apar=only http://www.securityfocus.com/bid/26078 http://www.securitytracker.com/id?1018820 http://www.vupen.com/english/advisories/2007/3506 https://exchange.xforce.ibmcloud.com/vulnerabilities/37203 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. Vulnerabilidad no especificada en el componente Edge en IBM WebSphere Application Server (WAS) 6.1 anterior a Fix Pack 11 (6.1.0.11) tiene un impacto desconocido y vectores de ataque, también conocido como PK44789. • http://osvdb.org/41617 http://osvdb.org/42882 http://secunia.com/advisories/26761 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://www.securityfocus.com/bid/25626 http://www.securitytracker.com/id?1018666 http://www.vupen.com/english/advisories/2007/3101 https://exchange.xforce.ibmcloud.com/vulnerabilities/36525 •