Lucene search
+L

175 matches found

Check Point Advisories
Check Point Advisories
added 2010/05/26 12:0 a.m.53 views

Oracle Java Web Start Launch Command-Line Injection (CVE-2010-0886; CVE-2010-0887; CVE-2010-1423)

The Oracle Java Web Start is a component of the Java 2 Runtime Environment JRE. It facilitates network deployment of applications developed with the Java programming language. This component enables stand-alone Java applications to be downloaded from a remote network location and run on a target...

10CVSS7.9AI score0.69949EPSS
Exploits8
RedHat Linux
RedHat Linux
added 2010/04/19 9:20 p.m.7 views

Java: Java Web Start arbitrary command line injection

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

10CVSS5.8AI score0.09428EPSS
Exploits7References4
securityvulns
securityvulns
added 2010/04/12 12:0 a.m.80 views

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...

7AI score
Exploits0
0day.today
0day.today
added 2010/04/09 12:0 a.m.31 views

JAVA Web Start Arbitrary command-line injection

Exploit for multiple platform in category remote exploits =============================================== JAVA Web Start Arbitrary command-line injection =============================================== Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/04/09 12:0 a.m.21 views

JAVA Web Start Arbitrary Command-Line Injection

Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/09 12:0 a.m.36 views

JAVA Web Start - Arbitrary Command-Line Injection

Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2010/04/09 12:0 a.m.62 views

Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Sun Java Web Start Plugin Command Line Argument Injection', 'Description' = %q This module exploits a flaw in the Web Start...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/03/15 12:0 a.m.46 views

Skype URI Handler Input Validation

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Skype URI Handler Input Validation Versions affected: All versions prior to 4.2.0.1.55 v4.2 hotfix 1 +-----------+ |Description| +-----------+ The Windows Skype client implements tw...

Exploits0
seebug.org
seebug.org
added 2010/03/12 12:0 a.m.42 views

Skype - URI Handler Input Validation

No description provided by source. Description The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin. Both handlers allow for easy browser integration and are supported by all modern browsers. When a Skype link is clicked, the Skype.exe process is spawned with the /URI:...

7.1AI score
Exploits0
Prion
Prion
added 2007/05/02 12:19 a.m.13 views

Information disclosure

ManageEngine PasswordManager Pro PMP allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are...

10CVSS7.1AI score0.08024EPSS
Exploits1References2
securityvulns
securityvulns
added 2005/03/19 12:0 a.m.39 views

Java Web Start argument injection vulnerability

OVERVIEW ======== Java Web Start is a technology for easy client-side deployment of Java applications. "Using Java Web Start technology, standalone Java software applications can be deployed with a single click over the network" from Sun Microsystems's website. Java Web Start is installed with Ja...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2004/08/05 12:0 a.m.9 views

Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection

Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/08/05 12:0 a.m.20 views

Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection

source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the...

7AI score
Exploits0
OSV
OSV
added 2003/03/03 5:0 a.m.8 views

CVE-2003-0070

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...

7AI score
Exploits0References5
OSV
OSV
added 2003/03/03 5:0 a.m.4 views

DEBIAN-CVE-2003-0068

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...

7.5CVSS7.5AI score0.01944EPSS
Exploits0References1
Rows per page
Query Builder