5 matches found
OSV-2022-1096 Security exception in jaz.Zer.<clinit>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52699
Crash type: Security exception
Crash state: jaz.Zer.<clinit>, java.base/java.lang.Class.forName0, java.base/java.lang.Class.forName...
Privilege Escalation
kylin-server-base is vulnerable to privilege escalation. The vulnerability exists in the setParam function in QueryService.java, allowing an attacker to load any class through the Class.forName function...
ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...
CVE-2002-1287
Stack-based buffer overflow in the Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service via a long class name through (1) Class.forName or (2) ClassLoader.loadClass...
CVE-2002-1287
The CVE concerns Microsoft’s Java implementation used by Internet Explorer. A stack-based buffer overflow occurs in the Java runtime when handling long class names via Class.forName or ClassLoader.loadClass, allowing a remote attacker to cause a denial of service. The affected component is the Mi...