62 matches found

Positive Technologies
added 2026/01/13 12:0 a.m. · 9 views

PT-2026-2336

Name of the Vulnerable Software and Affected Versions: SAP Wily Introscope Enterprise Manager WorkStation (affected versions not specified). Description: An unauthenticated attacker can create a malicious Java Network Launch Protocol (JNLP) file accessible via a public URL. When a victim clicks this URL...

9.6 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits 0 · References 15

CNNVD
added 2026/01/13 12:0 a.m. · 6 views

SAP Wily Introscope Enterprise Manager Code Injection Vulnerability

SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...

9.6 CVSS · 6.2 AI score · 0.00351 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2005-0419

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.01453 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2019-2210

Malware in sbrugna...

8.2 CVSS · 7.1 AI score · 0.02743 EPSS
Exploits 0 · References 15

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2020-5893

Malware in sbrugna...

7.8 CVSS · 7.6 AI score · 0.00905 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 8 views

EUVD-2009-3837

Malware in sbrugna...

9.3 CVSS · 6 AI score · 0.06182 EPSS
Exploits 1 · References 25

SUSE CVE
added 2023/02/15 6:18 a.m. · 5 views

SUSE CVE-2005-0836

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.206 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file...

10 CVSS · 7.8 AI score · 0.02927 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:2 a.m. · 5 views

SUSE CVE-2009-3866

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...

9.3 CVSS · 7.8 AI score · 0.06182 EPSS
Exploits 1 · References 6

Zero Day Initiative
added 2021/11/18 12:0 a.m. · 26 views

Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JNLP files. The issue results from improper access control. An attacker...

8.1 CVSS · 8.6 AI score · 0.02603 EPSS
Exploits 0

Cvelist
added 2020/06/15 6:7 p.m. · 16 views

CVE-2020-13651

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...

7.5 AI score · 0.00905 EPSS
Exploits 0 · References 1

Veracode
added 2020/04/10 12:40 a.m. · 34 views

Arbitrary Code Execution

IBM Java is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code by modifying a certain JNLP file to point a URL to an untrusted application...

9.3 CVSS · 4.1 AI score · 0.06182 EPSS
Exploits 1 · References 22 · Affected Software 1

Positive Technologies
added 2019/07/31 12:0 a.m. · 4 views

PT-2019-2900 · Icedtea +4 · Icedtea-Web +4

Name of the Vulnerable Software and Affected Versions: IcedTea-Web versions 1.7.2 and 1.8.2. Description: The issue is related to the improper sanitization of paths from `<jar/>` elements in JNLP files. This could allow an attacker to trick a victim into running a specially crafted application,...

8.6 CVSS · 6.9 AI score · 0.04022 EPSS
Exploits 0 · References 63

Mozilla
added 2019/05/21 12:0 a.m. · 143 views

Security vulnerabilities fixed in Firefox 67 — Mozilla

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

9.8 CVSS · 1 AI score · 0.06175 EPSS
Exploits 1 · References 22 · Affected Software 1

OSV
added 2019/05/21 12:0 a.m. · 4 views

UBUNTU-CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

7.8 CVSS · 7.1 AI score · 0.00842 EPSS
Exploits 1 · References 4

Positive Technologies
added 2015/02/12 12:0 a.m. · 5 views

PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition

The specialists of the Positive Research center have detected a JNLP File Inclusion vulnerability in Inductive Automation Ignition. Adding any symbols to a user's web request for starting a Java applet allows them to be included in the JNLP file, in the field indicating the applet to be executed. By manipulating this...

7.3 CVSS · 7.4 AI score
Exploits 0 · References 3

seebug.org
added 2014/07/01 12:0 a.m. · 52 views

Java Web Start Double Quote Injection Remote Code Execution

No description provided by source. Java Web Start Double Quote Inject Remote Code Execution. Date: Jun 12 2012, updated: Jun 6 2013. Author: Rh0. Version: At least Java 1.6.31 to 1.6.35 a...

10 CVSS · 0.1 AI score · 0.59369 EPSS
Exploits 17

seebug.org
added 2014/07/01 12:0 a.m. · 25 views

Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. A...

7.1 AI score
Exploits 0

Tenable Nessus
added 2013/07/18 12:0 a.m. · 28 views

SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)

This update to IcedTea-Web 1.4 provides the following fixes and enhancements: Security updates: RH916774: Class-loader incorrectly shared for applets with same relative-path (CVE-2013-1926); RH884705: fixed gifar vulnerability (CVE-2013-1927); RH840592: Potential read from an uninitialized...

7.5 CVSS · 5.7 AI score · 0.06172 EPSS
Exploits 1 · References 11

Packet Storm
added 2013/06/10 12:0 a.m. · 61 views

Sun Java Web Start Double Quote Injection

Java Web Start Double Quote Inject Remote Code Execution. Date: Jun 12 2012, updated: Jun 6 2013. Author: Rh0. Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07. Tested on:...

10 CVSS · 0.3 AI score · 0.68532 EPSS
Exploits 17

Packet Storm
added 2013/06/10 12:0 a.m. · 55 views

Java Applet Driver Manager Privileged toString() Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

10 CVSS · 0.8 AI score · 0.86963 EPSS
Exploits 10