Page 41 of 210 results (0.008 seconds)

CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 0

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. IBM Websphere Application Server 3.5.3 y versiones anteriores almacenan una contraseña en formato textual en el fichero sas.server.props, lo que permite a usuarios locales la obtención de dicha contraseña mediante una rutina JSP. • http://www.iss.net/security_center/static/7698.php http://www.securityfocus.com/archive/1/245324 http://www.securityfocus.com/bid/3682 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html http://www.securityfocus.com/bid/2969 •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html http://www.osvdb.org/5492 http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. • http://www.securityfocus.com/archive/1/176100 http://www.securityfocus.com/bid/2587 •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 3

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. • https://www.exploit-db.com/exploits/20753 http://www.securityfocus.com/archive/1/176100 http://www.securityfocus.com/bid/2588 •