CVE-2015-3237
https://notcve.org/view.php?id=CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulados. • http://curl.haxx.se/docs/adv_20150617B.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/75387 http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036371 https://h20566.www2.hpe.com • CWE-20: Improper Input Validation •
CVE-2013-1508
https://notcve.org/view.php?id=CVE-2013-1508
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. Vulnerabilidad no especificada en el componente Oracle GlassFish Server em Oracle Sun Middleware Products 3.0.1 y 3.1.2, permite a atacantes remotos comprometer la integridad a través de vectores relacionados con REST Interface. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html •
CVE-2012-3155
https://notcve.org/view.php?id=CVE-2012-3155
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. Vulnerabilidad no especificada en el componente CORBA ORB de Sun GlassFish Enterprise Server v2.1.1, Sun GlassFish Enterprise Server v3.0.1 y v3.1.2 y Sun Java Application Server System v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad, en relación con CORBA ORB. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html http://www.securityfocus.com/bid/56073 http://www.securitytracker.com/id?1027676 •
CVE-2012-0104
https://notcve.org/view.php?id=CVE-2012-0104
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. Vulnerabilidad no especificada en Oracle GlassFish Enterprise Server v3.0.1 y v3.1.1 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con el contenedor web. • http://osvdb.org/78417 http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72497 •
CVE-2011-5035 – MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun Java System Application Server 8.1 y 8.2 y posiblemente otros productos, computa valores hash para parámetros de forma sin restringir la habilidad para desencadenar colisiones hash de manera predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de muchos parámetros manipulados, también conocido como Oracle security ticket S0104869. • https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://marc.info/? • CWE-20: Improper Input Validation •