OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

Fedora 16 : java-1.6.0-openjdk-1.6.0.0-69.1.11.6.fc16 (2013-1898)

Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Updated to icedtea6 1.11.6 - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at construction...

DedeCms V57 plus/search. php file to SQL injection-vulnerability warning-the black bar safety net

Twitter on seen on the analysis,this exploit is more than one place can be utilized. Can actually disregard magicquotesgpc = On. Really not tasteless. Author: [email protected] Dedecms latest version plus/search.php file there is a variable override vulnerability,successfully exploited this...

CVE-2012-3872

Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

CVE-2012-3870

Multiple cross-site scripting XSS vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 name or 2 description parameter...

CVE-2012-3871

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

Sql injection

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 name or 2 description parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...

Cross site scripting

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

CVE-2012-3873

Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to 1 data/gallery/edit.php, 2 data/guestbook/edit.php, 3 data/file/edit.php, 4 data/htmltext/edit.php, 5 data/publication/edit.php, or 6...

CVE-2012-3872

Multiple cross-site scripting XSS vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via 1 the result parameter to data/file/edit.php, 2 the q parameter to confirm.php, or 3 the keyword parameter to users/users.php...

CVE-2012-3873

OpenConstructor CMS 3.12.0 is vulnerable to multiple SQL injections via the id parameter in several edit pages (gallery, guestbook, file, htmltext, publication, event). Root cause: code calls get_record($_GET['id']) without input validation; authenticated attackers can execute arbitrary SQL queri...

CVE-2012-3870

OpenConstructor CMS 3.12.0 contains Stored XSS in objects/createobject.php. The vulnerable code assigns user-supplied POST values name and description to an object without HTML escaping, enabling an authenticated user to inject arbitrary script that can run in other users’ browsers. Affected prod...

CVE-2012-3872

CVE-2012-3872 affects Open Constructor 3.12.0. The vulnerability is a set of reflected XSS flaws in which user-supplied input can be injected via three parameters: (1) result in data/file/edit.php, (2) q in confirm.php, and (3) keyword in users/users.php. Exploitation would allow remote attackers...

CVE-2012-3871

Cross-site scripting XSS vulnerability in data/hybrid/ihybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter...

CVE-2012-3870

Multiple cross-site scripting XSS vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 name or 2 description parameter...

CVE-2012-3871

CVE-2012-3871 describes a stored XSS vulnerability in Open Constructor 3.12.0, exposed through the header parameter in data/hybrid/i_hybrid.php when creating a catalogue document. Exploitation requires an authenticated user, who can inject arbitrary scripting/HTML that may execute in other users’...