|
293391
|
- |
|
ibm
|
rational_appscan
|
Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-0737
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293392
|
- |
|
ibm
|
rational_appscan
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site.
|
CWE-20
Improper Input Validation
|
CVE-2012-0736
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293393
|
- |
|
ibm
|
rational_appscan
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified oth…
|
CWE-20
Improper Input Validation
|
CVE-2012-0735
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293394
|
- |
|
ibm
|
rational_appscan
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other i…
|
NVD-CWE-noinfo
|
CVE-2012-0734
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293395
|
- |
|
ibm
|
rational_appscan
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a sessio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0733
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293396
|
- |
|
ibm
|
rational_appscan
|
The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…
|
CWE-310
Cryptographic Issues
|
CVE-2012-0732
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293397
|
- |
|
ibm
|
rational_appscan
|
IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-0731
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293398
|
- |
|
ibm
|
rational_appscan
|
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requ…
|
CWE-352
Origin Validation Error
|
CVE-2012-0730
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293399
|
- |
|
ibm
|
rational_appscan
|
Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and…
|
NVD-CWE-Other
|
CVE-2012-0729
|
2024-11-21 10:35 |
2012-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293400
|
- |
|
pythonpaste
|
paste
|
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leverag…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0878
|
2024-11-21 10:35 |
2012-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
