15 matches found
EUVD-2005-4756
Malware in sbrugna...
EUVD-2004-2686
Malware in sbrugna...
CVE-2025-42925
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...
CVE-2021-2394
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIO...
CVE-2005-4763
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol IIOP is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to...
VulnCheck KEV: CVE-2020-2551
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...
CVE-2021-2136
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
PT-2020-2527
Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.4.0 Description The issue is related to the Core component of Oracle WebLogic Server and is caused by inadequate access control. It allows an unauthenticated attacker with network acces...
Unspecified Vulnerability in SAP Business Objects Business Intelligence Platform
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A security vulnerability exists in SAP Business Objects Business...
CVE-2016-9796
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods AddJobSet, AddJob, and ExecuteNow that can be used to run arbitrary commands on the...
IBM WebSphere Application Server Detection (GIOP)
GIOP General Inter-ORB Protocol based detection of an IBM WebSphere Application Server. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
Ubuntu: Security Advisory (USN-1263-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities
Deepak Bhole discovered a flaw in the Same Origin Policy SOP implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. CVE-2011-3377 Juliano Rizzo and Thai Duong discovered that the block-wise AES...
CVE-2007-1419
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol JMX RMI-IIOP API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server...