1464 matches found

myhack58
added 2009/08/14 12:0 a.m. | 13 views

Discuz! Account the issuance of the plug-in injection 0day-vulnerability warning-the black bar safety net

Discuz! Account the issuance of the plug-in injection 0day Plugin name: 2Fly giftnumberpayment system Vulnerable file: 2flygift.php Version: latest version Exp:http://www. xxx. com/2flygift. php? pages=content&gameid=1 6 and 1=2 union select 1,2,3,4,concatusername,0x3a,password,6,7,8,9,1 0,1 1,1 2,1 3,1 4,1...

AI score 1
Exploits: 0
RedHat Linux
added 2009/08/06 9:27 p.m. | 1 view

OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

CVSS 7.5 | AI score 6.1 | EPSS 0.08032
Exploits: 0 | References: 4
RedHat Linux
added 2009/08/06 9:27 p.m. | 1 view

OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948...

CVSS 6.4 | AI score 6.2 | EPSS 0.01394
Exploits: 0 | References: 4
RedHat Linux
added 2009/08/06 9:27 p.m. | 4 views

OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

CVSS 6.4 | AI score 6.5 | EPSS 0.05145
Exploits: 0 | References: 4
CERT
added 2009/07/22 12:0 a.m. | 37 views

Adobe Flash vulnerability affects Flash Player and other Adobe products

Overview Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Description Adobe Flash is a widely deployed multimedi...

CVSS 9.3 | AI score 7.8 | EPSS 0.58566
Exploits: 5 | References: 10
Tenable Nessus
added 2009/07/21 12:0 a.m. | 46 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)

The Sun JDK 6 was updated to Update13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier do...

CVSS 10 | AI score 6.2 | EPSS 0.15579
Exploits: 0 | References: 16
Tenable Nessus
added 2009/07/21 12:0 a.m. | 48 views

openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-698)

The Sun JDK 5 was updated to Update18 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier do...

CVSS 10 | AI score 6 | EPSS 0.15579
Exploits: 0 | References: 11
Tenable Nessus
added 2009/07/21 12:0 a.m. | 37 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-705)

The Sun JDK 6 was updated to Update13 to fix various bugs and security issues. CVE-2009-1093: LdapCtx in the LDAP service in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier do...

CVSS 10 | AI score 6.2 | EPSS 0.15579
Exploits: 0 | References: 16
OpenVAS
added 2009/06/19 12:0 a.m. | 23 views

Sun Java System Web Proxy Server Vulnerabilities (Windows)

This host has Sun Java Web Server running on Linux, which is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavasyswebservxssvulnlin.nasl 5158 2017-02-01 14:53:04Z mime $ Sun Java System Web Server XSS Vulnerability Linux Authors: Sharath S Copyright: Copyright ...

CVSS 4.3 | AI score 0.2 | EPSS 0.00678
Exploits: 0 | References: 2
OpenVAS
added 2009/06/19 12:0 a.m. | 18 views

Sun Java System Web Proxy Server Vulnerabilities - Windows

Sun Java Web Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 5.4 | EPSS 0.00678
Exploits: 0 | References: 4
Prion
added 2009/06/16 9:0 p.m. | 11 views

Security feature bypass

Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...

CVSS 9.3 | AI score 7.9 | EPSS 0.76777
Exploits: 10 | References: 8 | Affected Software: 1
securityvulns
added 2009/06/14 12:0 a.m. | 33 views

DX Studio Player Firefox plug-in code execution

It's possible to execute system commands via Javascript API...

CVSS 9.3 | AI score 3.2 | EPSS 0.76777
Exploits: 10 | References: 1 | Affected Software: 1
seebug.org
added 2009/06/11 12:0 a.m. | 46 views

DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injectio...

CVSS 9.3 | AI score 0.1 | EPSS 0.76777
Exploits: 10
Core Security
added 2009/06/09 12:0 a.m. | 34 views

DX Studio Player Firefox plug-in command injection

1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521 Advisory URL:http://www.coresecurity.com/core-labs/advisories/DXStudio-player-firefox-plugin Date published: 2009-06-09 Date of last update: 2009-06-08 Vendors contacted: Worldweaver...

CVSS 9.3 | AI score 7.5 | EPSS 0.76777
Exploits: 10
NVD
added 2009/06/05 4:0 p.m. | 13 views

CVE-2009-1934

Cross-site scripting XSS vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error...

CVSS 4.3 | AI score 5.5 | EPSS 0.00678
Exploits: 0 | References: 9
Cvelist
added 2009/06/05 3:25 p.m. | 15 views

CVE-2009-1934

Cross-site scripting XSS vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error...

AI score 5.5 | EPSS 0.00678
Exploits: 0 | References: 9
myhack58
added 2009/06/04 12:0 a.m. | 22 views

Discuz! 7.0 number of plug-ins there are different degrees of vulnerability-vulnerability warning-the black bar safety net

Discuz! is the first large domestic forum; having gone through years of ups and downs, its security can be said to be among the best. But I find that more and more non-official Discuz! plug-ins have security vulnerabilities which, if not promptly repaired, may impact the entire site's security. He...

AI score 0.2
Exploits: 0
RedHat Linux
added 2009/05/18 8:28 p.m. | 1 view

OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

CVSS 6.4 | AI score 6.5 | EPSS 0.05145
Exploits: 0 | References: 4
RedHat Linux
added 2009/05/18 8:28 p.m. | 0 views

OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948...

CVSS 6.4 | AI score 6.2 | EPSS 0.01394
Exploits: 0 | References: 4
RedHat Linux
added 2009/05/18 8:28 p.m. | 2 views

OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

CVSS 7.5 | AI score 6.1 | EPSS 0.08032
Exploits: 0 | References: 4