Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1118 matches found

myhack58
myhack58added 2014/12/24 12:0 a.m.11 views

A user is a particularly large amount of educational classes CMS arbitrary File Download-vulnerability warning-the black bar safety net

Vulnerabilities page: http://www.hbycscjzx.com//OperationManage/DownFile.aspx First register a regular account In personal writing news, when inserted into the attachment capture. You can see the following content code area POST /OperationManage/DownFile. aspx HTTP/1.1 Host: www.hbycscjzx.com...

1.9AI score
Exploits0
NVD
NVDadded 2014/12/02 1:59 a.m.20 views

CVE-2014-3065

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

6.9CVSS4.3AI score0.00559EPSS
Exploits0References17
Cvelist
Cvelistadded 2014/12/02 1:0 a.m.31 views

CVE-2014-3065

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

4.1AI score0.00559EPSS
Exploits0References17
CVE
CVEadded 2014/12/02 1:0 a.m.109 views

CVE-2014-3065

CVE-2014-3065: IBM Java SDK/JRE contains a vulnerability where the default configuration for the shared classes feature potentially allows arbitrary code execution via the shared classes cache by other local users. Affected IBM Java versions include IBM SDK/JAVA 2 Technology Edition (v5.0 SR16 FP...

6.9CVSS4.6AI score0.00559EPSS
Exploits0References17Affected Software1
RedHat Linux
RedHat Linuxadded 2014/11/20 4:31 p.m.5 views

JDK: privilege escalation via shared class cache

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

6.9CVSS6.9AI score0.00559EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2014/11/20 4:16 p.m.3 views

JDK: privilege escalation via shared class cache

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

6.9CVSS6.9AI score0.00559EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2014/11/19 6:32 p.m.2 views

JDK: privilege escalation via shared class cache

Unspecified vulnerability in IBM Java Runtime Environment JRE 7 R1 before SR2 7.1.2.0, 7 before SR8 7.0.8.0, 6 R1 before SR8 FP2 6.1.8.2, 6 before SR16 FP2 6.0.16.2, and before SR16 FP8 5.0.16.8 allows local users to execute arbitrary code via vectors related to the shared classes cache...

6.9CVSS6.9AI score0.00559EPSS
Exploits0References4
ThreatPost
ThreatPostadded 2014/09/23 3:52 p.m.131 views

Microsoft Online Services Bug Bounty Program Launches

Microsoft had always rejected the possibility of a full-scale bug bounty, relying instead on solid relationships it spent the better part of a decade fostering with researchers worldwide who submit vulnerabilities to the Microsoft Security Research Center MSRC. Yet in the past couple of years, th...

9.3CVSS9.4AI score0.99945EPSS
Exploits33References6
Patchstack
Patchstackadded 2014/09/18 12:0 a.m.16 views

WordPress Easy MailChimp Forms Plugin <= 5.0.3 - CSRF

This plugin is prone to a cross site request forgery vulnerability via classes/class.yksemeBase.php. Solution Update the plugin...

3.6AI score
Exploits0Affected Software1
Fedora
Fedoraadded 2014/08/23 2:0 a.m.86 views

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...

7.5CVSS1.5AI score0.95821EPSS
Exploits4
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.22 views

JRuby Sandbox 0.2.2 - Sandbox Escape

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815 +-+++ Authors joernchen joernchen phenoelit de Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox = 0.2.2 https://github.com/omghax/jruby-sandbox Vendor communication 2014-04-22 Send...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.34 views

Jinzora <= 2.1 (media.php) Remote File Include Vulnerability

No description provided by source. Jinzora = 2.1 Remote File Inclusion Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; media.php bugs ; // include classes for extending. requireonce$includepath...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.9 views

ProjectButler <= 0.8.4 (rootdir) Remote File Include Vulnerabilities

No description provided by source. projectbutler-0.8.4 Remote File Inclusion Vulnerability Download: http://prdownloads.sourceforge.net/projectbutler/projectbutler-0.8.4.tar.gz?download Found By: the master exploit: http://Target/Path/classes/Cache.class.php?rootdir=http://cmd.gif?...

7.1AI score
Exploits0
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.70 views

Java Applet JMX Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

10CVSS0.3AI score0.97612EPSS
Exploits38
seebug.org
seebug.orgadded 2014/07/01 12:0 a.m.96 views

Java Applet Field Bytecode Verifier Cache Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

10CVSS0.5AI score0.93688EPSS
Exploits9
Ubuntu
Ubuntuadded 2014/05/21 6:39 p.m.70 views

USN-2218-1: Xalan-Java vulnerability

Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources...

7.5CVSS7.5AI score0.137EPSS
Exploits2
exploitpack
exploitpackadded 2014/04/25 12:0 a.m.9 views

JRuby Sandbox 0.2.2 - Sandbox Escape

JRuby Sandbox 0.2.2 - Sandbox Escape Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport,...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2014/04/24 12:0 a.m.16 views

JRuby Sandbox 0.2.2 Bypass

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport, 'java.util.Scanner'" sand.eval"s =...

7.4AI score
Exploits0
OSV
OSVadded 2014/04/23 3:55 p.m.37 views

PYSEC-2014-3

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

10CVSS5.8AI score0.04753EPSS
Exploits0References8
Cvelist
Cvelistadded 2014/04/23 2:0 p.m.38 views

CVE-2014-0474

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

6.5AI score0.04753EPSS
Exploits0References7
Rows per page
Query Builder