CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

hackapp•added 2016/04/01 9:21 a.m.•7 views

Photo Water Reflection Effect - Dangerous filesystem permissions, MIT license, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Photo Water Reflection Effect published at the 'play' market has multiple vulnerabilities...

1.5AI score

Exploits0References1Affected Software1

ArchLinux•added 2016/04/01 12:0 a.m.•53 views

jre7-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

ArchLinux•added 2016/04/01 12:0 a.m.•51 views

jre7-openjdk: sandbox escape

ArchLinux•added 2016/04/01 12:0 a.m.•58 views

jdk7-openjdk: sandbox escape

ArchLinux•added 2016/03/29 12:0 a.m.•75 views

jdk8-openjdk: sandbox escape

ArchLinux•added 2016/03/29 12:0 a.m.•60 views

jre8-openjdk-headless: sandbox escape

ArchLinux•added 2016/03/29 12:0 a.m.•45 views

jre8-openjdk: sandbox escape

ThreatPost•added 2016/03/24 12:5 p.m.•46 views

Emergency Java Patch Re-Issued for 2013 Vulnerability

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...

9.3CVSS0.6AI score0.13484EPSS

Exploits0References4

Hacker One•added 2016/03/16 4:29 a.m.•26 views

New Relic: Host Header Injection / Cache Poisoning

The application reflects HTTP Header value back in it's response and it may be possible to poison the server cache. The X-Forwarded-Host is directly reflected as a hyperlink. HTTP Request GET / HTTP/1.1 Host: newrelic.com X-Forwarded-Host: pavanw3b.com ... .... HTTP Response HTTP/1.1 200 OK...

0.3AI score

ThreatPost•added 2016/03/14 9:24 a.m.•36 views

Broken 2013 Java Patch Leads to Sandbox Bypass

Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish...

9.3CVSS9AI score0.03812EPSS

Exploits0References5

myhack58•added 2016/03/02 12:0 a.m.•13 views

How I was in the Google collaboration community GWC found the reflection type, a storage type, the DOM type of vulnerability? - Vulnerability warning-the black bar safety net

! Google for Work Connect, the GWC is a System, Application Administrator, and partner community of system, but also in Google's vulnerability reward range. Shortly before, I was in the GWC community system found reflection type, a storage type, the DOM typeXSS. The storage typeXSS In the GWC...

7.1AI score

myhack58•added 2015/12/23 12:0 a.m.•157 views

Android WebView remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

In the past period of time, the WebView remote code execution vulnerability can be said to be swept a large number of the Android App query some vulnerabilities of the platform can be substantially the case, given the many loopholes in the App and not disclosed, and therefore WebVeiw remote code...

1AI score

Packet Storm•added 2015/12/23 12:0 a.m.•38 views

CouchCMS 1.4.5 Cross Site Scripting / Open Redirect

Security Advisory - Curesec Research Team 1. Introduction Affected Product: CouchCMS 1.4.5 Fixed in: 1.4.7 Fixed Version Link: http://www.couchcms.com/products/ Vendor Website: http://www.couchcms.com/ Vulnerability Type: XSS & Open Redirect Remote Exploitable: Yes Reported to vendor: 11/17/2015...

0.1AI score

exploitpack•added 2015/12/16 12:0 a.m.•23 views

FireEye - Wormable Remote Code Execution in MIP JAR Analysis

FireEye - Wormable Remote Code Execution in MIP JAR Analysis Source: https://code.google.com/p/google-security-research/issues/detail?id=666 The FireEye MPS Malware Protection System is vulnerable to a remote code execution vulnerability, simply from monitoring hostile traffic. FireEye is designe...

0.1AI score

seebug.org•added 2015/11/25 12:0 a.m.•30 views

Apache Commons Collections 'InvokerTransformer.java'远程代码执行漏洞

Apache Commons Collections背景介绍 Apache Commons Collections 是一个扩展了Java标准库里的Collection结构的第三方基础库，它提供了很多强有力的数据结构类型并且实现了各种集合工具类。作为Apache开源项目的重要组件，Commons Collections被广泛应用于各种Java应用的开发。 Apache Commons Collections漏洞原理 Map类是存储键值对的数据结构，Apache Commons...

7AI score

Mageia•added 2015/11/04 6:3 p.m.•43 views

Updated springframework packages fix security vulnerability

Under some situations, the Spring Framework is vulnerable to a Reflected File Download RFD attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being downloaded rather than rendered and also includes some input reflected in the...

9.6CVSS7.8AI score0.01877EPSS

Exploits1References2

Hacker One•added 2015/10/20 8:45 p.m.•13 views

Radancy: XSS risk reduction with X-XSS-Protection: 1; mode=block header

As you can read for example on this Microsoft blog http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx: " ... X-XSS-Protection: 1; mode=block When this token is present, if a potential XSS Reflection attack...

0.6AI score

myhack58•added 2015/10/08 12:0 a.m.•20 views

Shopify trade platform facing RFD attacks, and not fix-bug warning-the black bar safety net

WebSegura researcher David Sopas found a reflection type file name download RFD）vulnerability, the vulnerability exists in the popular multi-channel trade platform Shopify, although he has to Shopify company sent a safety report, but it seems that the company did not find the vulnerability of the...

0.5AI score