- Home
- CVEs with nessus.description==The version of IBM WebSphere Portal installed on the remote host is
7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple
vulnerabilities :
- A remote code execution vulnerability exists in the
Apache Struts ClassLoader. A remote attacker can exploit
this issue by manipulating the 'class' parameter of an
ActionForm object to execute arbitrary code.
(CVE-2014-0114)
- A cross-site scripting vulnerability exists which allows
a remote, authenticated attacker to inject arbitrary
web script or HTML. (CVE-2014-0910)
- An unspecified denial of service vulnerability exists
that allows a remote attacker to crash the host by
sending a specially crafted web request to cause a
consumption of resources. (CVE-2014-0949)
- A cross-site scripting vulnerability exists in the
'boot_config.jsp' script due to improper validation of
user-supplied input. An attacker can exploit this issue
to execute arbitrary script code in the security context
of a user's browser to steal authentication cookies.
(CVE-2014-0952)
- An unspecified cross-site scripting vulnerability exists
due to improper validation of user-supplied input.
(CVE-2014-0953)
- A privilege escalation vulnerability exists in the Web
Content Viewer portlet due to improper handling of JSP
includes. A remote attacker can exploit this issue to
obtain sensitive information, cause a denial of service,
or control the request dispatcher by sending a specially
crafted URL request. (CVE-2014-0954)
- An unspecified cross-site scripting vulnerability exists
due to improper validation of user-supplied input. An
attacker can exploit this issue to execute arbitrary
script code in the security context of a user's web
browser to steal authentication cookies. (CVE-2014-0956)
- An unspecified denial of service vulnerability exists
that allows an authenticated attacker to cause a
successful login to loop back to the login page
indefinitely. (CVE-2014-0959)
- An unspecified information disclosure vulnerability
exists which allows a remote attacker to gain access to
sensitive information. (CVE-2014-3083)
- An unspecified cross-site scripting vulnerability
exists due to improper validation of user-supplied
input. An attacker can exploit this issue to execute
arbitrary script code in the security context of a
user's browser. (CVE-2014-3102)
- An information disclosure vulnerability exists due to
the returned error codes which an attacker can use to
identify devices behind a firewall. (CVE-2014-4746)
- An unspecified open redirect vulnerability exists that
allows an attacker to perform a phishing attack by
enticing a user to click on a malicious URL.
(CVE-2014-4760)
- An information disclosure vulnerability exists which
allows a remote, authenticated attacker to gain access
to sensitive information, such as user credentials,
through certain HTML pages. (CVE-2014-4761)
- An unrestricted file upload vulnerability exists which
allows a remote, authenticated attacker to upload large
files, potentially resulting in a denial of service.
(CVE-2014-4792)
- An unspecified vulnerability exists that allows an
authenticated attacker to execute arbitrary code on the
system. (CVE-2014-4808)
- A flaw exists due to improper recursion detection during
entity expansion. A remote attacker, via a specially
crafted XML document, can cause the system to crash,
resulting in a denial of service. (CVE-2014-4814)
- An information disclosure vulnerability exists that
allows a remote attacker to identify whether or not a
file exists based on the web server error codes.
(CVE-2014-4821)
- An unspecified cross-site scripting vulnerability exists
that allows a remote, authenticated attacker to execute
arbitrary code via a specially crafted URL.
(CVE-2014-6093)
- An unspecified reflected cross-site scripting
vulnerability exists due to improper validation of
user-supplied input. A remote attacker can exploit this
flaw using a specially crafted URL to execute arbitrary
script code in a user's web browser within the security
context of the hosting website. This allows an attacker
to steal a user's cookie-based authentication
credentials. (CVE-2014-6215)
- An unspecified reflected cross-site scripting
vulnerability exists due to improper validation of
user-supplied input. A remote attacker can exploit this
flaw using a specially crafted URL to execute arbitrary
script code in a user's web browser within the security
context of the hosting website. This allows an attacker
to steal a user's cookie-based authentication
credentials. (CVE-2014-8909)
- An unspecified flaw exists that is trigged when handling
Portal requests. A remote attacker can exploit this to
cause a consumption of CPU resources, resulting in a
denial of service condition. (CVE-2015-1943)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top