CVE-2015-7912

The Ice Faces servlet in agserverservice.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document...

Default configuration

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

CVE-2015-0225

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

CVE-2015-0279

JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language EL expressions and execute arbitrary Java code via the do parameter...

CVE-2014-7296

CVE-2014-7296 affects SpagoBI 5.0.0: the accessibility engine’s default config does not enable FEATURE_SECURE_PROCESSING, allowing remote authenticated users to execute arbitrary Java code through a crafted XSL document. Impact is code execution with partial confidentiality/integrity/availability...

CVE-2013-6469

JBoss Overlord Run Time Governance RTGov 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. NOTE: some of these details are obtained from third party information...

Code injection

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

Openfire Admin Console Authentication Bypass

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex/zip' class Metasploit3...

Java Debug Wire Protocol Detection

A Java Debug Wire Protocol JDWP server was detected on the remote host. This is a network protocol that allows debugging of a remote Java virtual machine. Authentication is not required to access this service. A remote, unauthenticated attacker could connect to this service and execute arbitrary...

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

Microsoft Forefront Unified Access Gateway Java Applet Signed Code Execution

Added: 10/17/2011 CVE: CVE-2011-1969 BID: 49983 OSVDB: 76236 Background Microsoft Forefront Unified Access Gateway UAG is a reverse proxy and VPN solution. Problem End users of UAG must install a signed Java applet via MicrosoftClient.jar. This applet loads unsigned Java classes, which may allow ...

CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

JBoss Seam privilege escalation caused by EL interpolation in FacesMessages

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

CVE-2009-1472

The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to 1 execute arbitrary Java code, or 2 gain access to machines connected to...

CVE-2007-6382

The Event Dispatch Thread in Robocode before 1.5.1 allows remote attackers to execute arbitrary Java code by using a robot to invoke the SwingUtilities.invokeLater method...

[SECURITY] [DSA 1419-1] New OpenOffice.org packages fix arbitrary Java code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1419-1 [email protected] http://www.debian.org/security/ Martin Schulze December 5th, 2007 http://www.debian.org/security/faq -...

Oracle XSQL Stylesheet Vulnerability

The Oracle XSQL Servlet allows arbitrary Java code to be executed by an attacker by supplying the URL of a malicious XSLT stylesheet when making a request to an XSQL page. OpenVAS Vulnerability Test $Id: oraclexsql.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Oracle XSQL Stylesheet...

CVE-2002-2284

Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes...