71 matches found
ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs
Adobe today released an important security hotfix for several versions of its ColdFusion rapid web application development platform. The company said the update addresses an input validation vulnerability CVE-2017-3008 in the software that could be used in reflected cross-site scripting XSS...
Microsoft Exchange Server Information Disclosure Vulnerability (3160339)
This host is missing an important security update according to Microsoft Bulletin MS16-079. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Information disclosure
Outlook Web Access OWA in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka...
Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow
Exploit for linux platform in category remote exploits source: http://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently...
Java 7 Update 11 vulnerability to download and execute
Java 7 Update 11 vulnerability to download and execute. With this applet you can boot from a remote host and execute the file, bypassing pisochnitsy java, also affected and older. Usage Info All material is provided with source code, and you will be able to easily assemble ready exploit replacing...
Code injection
Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components CFC public methods via WebSockets...
CVE-2013-3350
Adobe ColdFusion 10 before Update 11 allows remote attackers to call ColdFusion Components CFC public methods via WebSockets...
VulnCheck KEV: CVE-2013-1389
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10 allows remote attackers to execute arbitrary code via unknown vectors...
Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues : - An unspecified issue exists in the Libraries component. CVE-2012-3174 - An error exists in the...
Oracle Java SE Unspecified Vulnerability - Feb 13 (Windows)
This host is installed with Oracle Java SE and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gboraclejavaseunspecifiedvulnfeb13win.nasl 7699 2017-11-08 12:10:34Z santu $ Oracle Java SE Unspecified Vulnerability - Feb 13 Windows Authors: Arun Kallavi Copyright: Copyright c...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs...
CVE-2013-1479
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2013-0449
CVE-2013-0449 is an unspecified vulnerability in the Oracle Java SE 7 JRE (Deployment area) up to Update 11 that could allow remote confidentiality impact. Public details in provided documents are limited; no exploitation specifics are given. Remediation across connected advisories generally invo...
CVE-2012-3342
CVE-2012-3342 is listed in IBM security advisories as part of a set of Java/JRE related flaws. IBM reports affected products as IBM WebSphere ILOG JRules V7.1.1 (Windows with a provided JDK) and IBM Operational Decision Manager V7.5/V8.0 (all distributed platforms). Remediation is via APAR RS0128...
CVE-2013-1473
CVE-2013-1473 is described as an unspecified vulnerability in the JRE Deployment component of Oracle Java SE 7 (up to Update 11) and Java SE 6 (up to Update 38). Connected IBM bulletins identify this CVE among a set of IBM JRE/JRules/ODM vulnerabilities and provide remediation: RS01283 with Windo...