Searching soap software vulnerabilities

The default configuration of Oracle 9i Applicat

authentication | configuration | Application | Monitoring | anonymous | sensitive | including | services | without | Dynamic | default | Server | Oracle | access | allows | remote | users | 102x |

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.


Oracle 9i Application Server stores XSQL and SO

configuration | information | Application | insecurely | requesting | sensitive | including | usernames | passwords | Server | obtain | stores | Oracle | allows | which | files | users | local | XSQL | SOAP |

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.


The Javascript "Same Origin Policy" (SOP), as i

Javascript | Policy" | Origin | "Same |

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.


Unknown vulnerability in ColdFusion MX 6.0 and

vulnerability | ColdFusion | attackers | argument | expects | objects | service | Unknown | allows | remote | denial | array | cause | JRun | SOAP | web |

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).


Unknown vulnerability in Sun Java System Applic

vulnerability | Application | attackers | argument | service | earlier | expects | objects | Unknown | System | denial | allows | remote | Update | Server | array | cause | Java | SOAP | Sun | web |

Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).


The XML parser in Oracle 9i Application Server

Application | Release | Server | parser | Oracle | XML |

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.


aspnet_wp.exe in Microsoft ASP.NET web services

aspnet_wpexe | attackers | Microsoft | services | service | denial | remote | ASPNET | allows | cause | web |

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.


Adobe Graphics Server 2.0 and 2.1 (formerly Alt

Graphics | Server | Adobe |

Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web service in which the request uses the (1) saveContent or (2) saveOptimized ADS commands, or the (3) loadContent command.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.


Multiple vulnerabilities in BEA WebLogic Server

vulnerabilities | information | sensitive | attackers | including | Multiple | WebLogic | through | Server | remote | leak | SP4 | BEA | SP7 | SP6 |

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.


Multiple unspecified vulnerabilities in IBM Web

vulnerabilities | Application | unspecified | WebSphere | Multiple | Server | before | IBM |

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.


Integer signedness error in the _zend_mm_alloc_

_zend_mm_alloc_int | signedness | function | Manager | Integer | Memory | error | Zend | PHP |

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.


PHP remote file inclusion vulnerability in inc_

inc_ACVS/SOAP/Transportphp | vulnerability | inclusion | Services | Conseil | Visites | Sejours | Accueil | remote | file | PHP | Web |

PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php in Accueil et Conseil en Visites et Sejours Web Services (ACVSWS) PHP5 (ACVSWS_PHP5) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CheminInclude parameter.


Buffer overflow in the make_http_soap_request f

make_http_soap_request | function | overflow | before | Buffer | PHP |

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.


The soap extension in PHP calls php_rand_r with

mcrypt_create_iv | uninitialized | CVE-2007-2727 | php_rand_r | extension | variable | covered | unknown | vectors | related | impact | attack | issue | calls | which | soap | seed | PHP | has |

The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727.


The SOAP webservice in vtiger CRM before 5.0.3

webservice | before | vtiger | SOAP | CRM |

The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin.


Stampit Web uses guessable id values for online

guessable | purchases | attackers | Stampit | service | allows | remote | online | values | denial | cause | stamp | which | uses | Web |

Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed.


Unspecified vulnerability in netInvoicing befor

vulnerability | netInvoicing | Unspecified | before |

Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".


Software vulnerabilities results 1 to 19 of 19     
Page: 1