61 matches found
EUVD-2006-0894
Malware in sbrugna...
EUVD-2007-2053
Malware in sbrugna...
EUVD-2010-2332
Malware in sbrugna...
CVE-2013-1352
Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...
Important: firefox
Issue Overview: Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100. CVE-2022-29912 In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...
[SECURITY] Fedora 40 Update: maven-source-plugin-3.3.0-6.fc40
The Maven Source Plugin creates a JAR archive of the source files of the current project...
JetBrains TeamCity Path Traversal Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a path traversal...
PT-2024-2745 · Jetbrains · Jetbrains Teamcity +1
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.3 Description: The issue is related to path traversal in JetBrains TeamCity, allowing an attacker to read data within JAR archives. This can be exploited by a remote attacker. The vulnerability is...
CVE-2022-34267
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...
Authentication flaw
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...
CVE-2022-34267
An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint...
CVE-2022-34267
Summary: RWS WorldServer before 11.7.3 contains an authentication bypass. By adding a token parameter with value 02, an attacker can bypass all auth requirements and upload/execute arbitrary Java code via a .jar archive at the ws-api/v2/customizations/api endpoint. Impact: unauthenticated code ex...
USN-6263-2 openjdk-lts, openjdk-17 regression
USN-6263-1 fixed vulnerabilities in OpenJDK. Unfortunately, that update introduced a regression when opening APK, ZIP or JAR files in OpenJDK 11 and OpenJDK 17. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Motoyasu Saburi discovered that OpenJDK...
SUSE CVE-2010-2322
Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
Hardcoded credentials
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive...
SUSE SLES12 Security Update : fastjar (SUSE-SU-2021:2635-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2635-1 advisory. - Absolute path traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwri...