
CVSS: 10.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."

• http://secunia.com/advisories/35356
• http://www-01.ibm.com/support/docview.wss?uid=nas2741c96b7c573b81a862575cc003c726e
• http://www-01.ibm.com/support/docview.wss?uid=nas2e858199605d67111862575cc003c7276
• http://www.attrition.org/pipermail/vim/2009-June/002190.html
• http://www.securityfocus.com/bid/35265
• http://www.vupen.com/english/advisories/2009/1536
• https://exchange.xforce.ibmcloud.com/vulnerabilities/51005

CVSS: 4.7 | EPSS: 0% | CPEs: 3 | EXPL: 0

Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.

• http://secunia.com/advisories/30554
• http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64
• http://www.securityfocus.com/bid/29660
• http://www.vupen.com/english/advisories/2008/1799
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42984
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header.

• http://secunia.com/advisories/28744
• http://www-1.ibm.com/support/docview.wss?uid=nas22f5a0f082f6821c4862573e10041f7bd
• http://www.securityfocus.com/bid/27595
• http://www.vupen.com/english/advisories/2008/0397
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 5% | CPEs: 8 | EXPL: 0

IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.

• http://osvdb.org/37792
• http://secunia.com/advisories/25885
• http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17
• http://www.securityfocus.com/bid/24706
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35173

CVSS: 5.0 | EPSS: 4% | CPEs: 12 | EXPL: 0

The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

• http://secunia.com/advisories/24722
• http://securityreason.com/securityalert/2540
• http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
• http://www.securityfocus.com/archive/1/464685/100/0/threaded
• http://www.securityfocus.com/bid/23309
• http://www.vupen.com/english/advisories/2007/1270
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33418