Lucene search
K

479 matches found

Positive Technologies
Positive Technologies
added 2015/03/18 12:0 a.m.3 views

PT-2015-4542 · Apache +2 · Apache Batik +2

Name of the Vulnerable Software and Affected Versions: Apache Batik versions 1.x before 1.8 Description: The issue is related to an XML external entity XXE vulnerability in the SVG to PNG and JPG conversion classes. This allows remote attackers to read arbitrary files or cause a denial of service...

6.4CVSS8.4AI score0.16564EPSS
Exploits1References32
UbuntuCve
UbuntuCve
added 2015/03/18 12:0 a.m.37 views

CVE-2015-0250

XML external entity XXE vulnerability in the SVG to 1 PNG and 2 JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...

6.4CVSS7AI score0.16564EPSS
Exploits1References3
OSV
OSV
added 2015/03/18 12:0 a.m.5 views

UBUNTU-CVE-2015-0250

XML external entity XXE vulnerability in the SVG to 1 PNG and 2 JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file...

6.4CVSS7.1AI score0.16564EPSS
Exploits1References4
NVD
NVD
added 2014/10/16 7:55 p.m.11 views

CVE-2014-7016

The Mahasna Batik aka com.batik.mahasna application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References3
Prion
Prion
added 2014/10/16 7:55 p.m.13 views

Design/Logic Flaw

The Mahasna Batik aka com.batik.mahasna application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/10/16 7:0 p.m.19 views

CVE-2014-7016

The Mahasna Batik aka com.batik.mahasna application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
CVE
CVE
added 2014/10/16 7:0 p.m.34 views

CVE-2014-7016

The CVE-2014-7016 entry concerns the Mahasna Batik (com.batik.mahasna) Android app (version 1.0). The root cause is failure to verify X.509 certificates when establishing SSL connections, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certific...

5.4CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Squiggle 1.7 SVG Browser Java Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/19 12:0 a.m.23 views

Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Squiggle 1.7 SVG...

7.4AI score
Exploits0
0day.today
0day.today
added 2012/05/18 12:0 a.m.14 views

Squiggle 1.7 SVG Browser Java Code Execution

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2012/05/18 12:0 a.m.23 views

Squiggle 1.7 SVG Browser Java Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Squiggle 1.7 SVG...

Exploits0
Metasploit
Metasploit
added 2012/05/17 2:48 p.m.22 views

Squiggle 1.7 SVG Browser Java Code Execution

This module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted SVG file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: 1 It must support at least SVG version...

8.3AI score
Exploits0
NVD
NVD
added 2005/03/14 5:0 a.m.7 views

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

4.6CVSS6.3AI score0.00379EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2005/03/14 5:0 a.m.23 views

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

4.6CVSS5.9AI score0.00379EPSS
Exploits0References1
OSV
OSV
added 2005/03/14 5:0 a.m.1 views

DEBIAN-CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

4.6CVSS6.5AI score0.00379EPSS
Exploits0References1
CVE
CVE
added 2005/02/22 5:0 a.m.43 views

CVE-2005-0508

CVE-2005-0508 affects Batik’s Squiggle component prior to Batik 1.5.1. The vulnerability allows bypassing certain access controls via features of the Rhino JavaScript engine due to a script security issue. Root cause is tied to Rhino scripting security in Squiggle. Affected software is Batik (Squ...

4.6CVSS6.3AI score0.00379EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2005/02/22 5:0 a.m.29 views

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

4.6CVSS6.2AI score0.00379EPSS
Exploits0
securityvulns
securityvulns
added 2005/02/22 12:0 a.m.29 views

Apache Batik Squiggle SVG browser protection bypass

No description provided...

2.9AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2005/02/22 12:0 a.m.24 views

[SA14336] Batik Squiggle Browser Unspecified Security Bypass

TITLE: Batik Squiggle Browser Unspecified Security Bypass SECUNIA ADVISORY ID: SA14336 VERIFY ADVISORY: http://secunia.com/advisories/14336/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Batik 1.x http://secunia.com/product/4685/ DESCRIPTION: A vulnerability h...

1.3AI score
Exploits0
Rows per page
Query Builder