CVE-2026-8243

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This affects an unknown function of the component JNLP Deployment Endpoint. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be performed from remote. The vendor was...

Canias ERP 加密问题漏洞

Canias ERP is a comprehensive management system developed by the Swiss company Canias, covering enterprise resource planning and business process management. Version 8.03 of Canias ERP contains a security vulnerability related to encryption. This vulnerability stems from the use of hardcoded...

CVE-2026-0500 Remote code execution in SAP Wily Introscope Enterprise Manager (WorkStation)

Due to the usage of vulnerable third party component in SAP Wily Introscope Enterprise Manager WorkStation, an unauthenticated attacker could create a malicious JNLP Java Network Launch Protocol file accessible by a public facing URL. When a victim clicks on the URL the accessed Wily Introscope...

EUVD-2011-2498

Malware in sbrugna...

EUVD-2020-1796

Malware in sbrugna...

EUVD-2011-2499

Malware in sbrugna...

CVE-2020-0293

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID:...

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

The Apache Software Foundation ASF has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046 , the vulnerability carries a CVSS score of 10.0. It...

SUSE CVE-2010-2783

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services...

CVE-2020-0293

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID:...

Information disclosure

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID:...

CVE-2020-0293

In Java network APIs, there is possible access to sensitive network state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation in Android versions: Android-11, Android ID:...

Arbitrary Code Execution

icedtea-web is vulnerable to arbitrary code execution. The vulnerability exists as a flaw was discovered in the JNLP Java Network Launching Protocol implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box...

Debian DLA-1914-1 : icedtea-web security update

Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this fl...

[SECURITY] [DLA 1914-1] icedtea-web security update

Package : icedtea-web Version : 1.5.3-1+deb8u1 CVE ID : CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 Debian Bug : 934319 Several security vulnerabilities were found in icedtea-web, an implementation of the Java Network Launching Protocol JNLP. CVE-2019-10181 It was found that in icedtea-web...

The vulnerability of the IcedTea-Web plugin, related to errors in processing JNLP files, allows a hacker to write any files into the device’s file system.

The vulnerability of the IcedTea-Web plugin is related to errors in processing JNLP files. Exploiting this vulnerability allows a remote attacker to write arbitrary files to the device’s file system using a specially created application...

IcedTea-Web Data Forgery Issue Vulnerability

IcedTea-Web is an open source implementation of JSR-56 Java Network Launching Protocol and API. IcedTea-Web suffers from a Data Forgery Issue vulnerability that arises from a failure of a network system or product to adequately verify the origin or authenticity of data. An attacker could exploit...

In ie8 using ROP and Heap Spray using the bounce of the shell-vulnerability warning-the black bar safety net

This exploit program is for the Windows 7 platform on the IE8 browser. The focus of our attention is one that uses the Java network launch Protocol JNLP the plug-in, this plug-in there is overflow vulnerability. In order to achieve the use, I will use the Heaplib to construct a ROP chain in order...

CVE-2011-2513

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVE-2011-2514

The Java Network Launching Protocol JNLP implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warnin...