CVE-2011-5035 – MyBulletinBoard (MyBB) 1.1.5 - 'CLIENT-IP' SQL Injection
https://notcve.org/view.php?id=CVE-2011-5035
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Oracle Glassfish 2.1.1, 3.0.1 y 3.1.1, tal como se utiliza en Communications Server 2.0, Sun Java System Application Server 8.1 y 8.2 y posiblemente otros productos, computa valores hash para parámetros de forma sin restringir la habilidad para desencadenar colisiones hash de manera predecible, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el envío de muchos parámetros manipulados, también conocido como Oracle security ticket S0104869. • https://www.exploit-db.com/exploits/2012 http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://marc.info/? • CWE-20: Improper Input Validation •
CVE-2011-3559
https://notcve.org/view.php?id=CVE-2011-3559
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. Vulnerabilidad no especificada en Oracle Communications Server v2.0, GlassFish Enterprise Server v2.1.1, v3.0.1, y v3.1.1, y Sun Java System App Server v8.1 y v8.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Web Container. • http://osvdb.org/76476 http://secunia.com/advisories/46523 http://secunia.com/advisories/46524 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50204 http://www.securitytracker.com/id?1026222 https://exchange.xforce.ibmcloud.com/vulnerabilities/70816 •
CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle Sun GlassFish Enterprise Server v2.1, v2.1.1 y v3.0.1, y Sun Java System Application Server v9.1, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la Administración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception allowing the request to proceed without authentication. • https://www.exploit-db.com/exploits/17615 http://securityreason.com/securityalert/8327 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - •
CVE-2010-4438
https://notcve.org/view.php?id=CVE-2010-4438
Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). Vulnerabilidad no especificada en Oracle GlassFish v2.1, v2.1.1 y v3.0.1, y Java System Message Queue v4.1 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con Java Message Service (JMS). • http://osvdb.org/70572 http://osvdb.org/70573 http://secunia.com/advisories/42988 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45890 http://www.vupen.com/english/advisories/2011/0155 https://exchange.xforce.ibmcloud.com/vulnerabilities/64813 •
CVE-2010-2397
https://notcve.org/view.php?id=CVE-2010-2397
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. Vulnerabilidad no especificada en Oracle Sun Java System Application Server v8.0, v8.1, y v8.2; y GlassFish Enterprise Server v2.1.1; permite a usuarios locales afectar la confidencialidad e integridad, relacionado con el GUI. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •