CVE-2016-0767
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath...
Path traversal
PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath...
Code injection
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not...
CloudBees Jenkins Pipeline: Classpath Steps Plugin Security Bypass Vulnerability
CloudBees Jenkins is a Java-based continuous integration toolset from the US company CloudBees. A security vulnerability in the CloudBees Jenkins Pipeline: Classpath Steps plugin allows remote attackers to submit a special request to bypass security restrictions and...
IBM Development Package for Apache Spark Denial of Service Vulnerability
IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the IBM Development Package for Apache Spark is vulnerable to ...
CVE-2016-0360
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference : 1983457...
CVE-2016-0360
CVE-2016-0360 concerns IBM WebSphere MQ JMS client deserializing objects from untrusted sources, enabling arbitrary Java code execution via vulnerable classes on the classpath. It affects WebSphere Application Server and related IBM products (e.g., MQ JMS JCA resource adapter). Remediation: apply...
Spark 2.5 Arbitrary File Read Vulnerability
Exploit for php platform in category web applications Spark sparkjava.com is a mildly hyped Java micro web framework that also provides functionality to serve static files. Unfortunately, there's no protection against directory traversal attacks and I haven't been able to contact anyone related t...
Sparkjava Framework arbitrary file read vulnerability
Classpath Vuln: Exploit the classpath-based vulnerability with something like: curl "http:///....\spark\Spark.class". The number of ..\ you need in the path depends on where in the classpath the static file location is configured to be. If you don't have the right amount then you don't get anything...
Spark 2.5 Arbitrary File Read
Hey folks, Spark sparkjava.com is a mildly hyped Java micro web framework that also provides functionality to serve static files. Unfortunately, there's no protection against directory traversal attacks and I haven't been able to contact anyone related to the project after trying 4 people over 2...
bsh2: remote code execution via deserialization
A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
Updated apache-commons-collections packages fix CVE-2015-8103
Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...
DEBIAN-CVE-2016-2510
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
Fedora 23 : jenkins-1.625.3-3.fc23 / jenkins-remoting-2.53.3-1.fc23 (2016-641c8b4eb2)
Fixes CVE-2016-0788, CVE-2016-0789, CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, and possible NoClassDefFoundError: org/codehaus/stax2/XMLInputFactory2 exception bug. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenab...