Unspecified Arbitrary Code Execution Vulnerability in Oracle Java SE RMI Subware

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE RMI subcomponent, which allows an unauthenticated attacker to exploit the vulnerability to attack over multiple...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

UBUNTU-CVE-2015-0408

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

OpenJDK: incorrect context class loader use in RMI transport (RMI, 8055309)

An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

condor: mailx invocation enables code execution as condor user

The HTCondor scheduler can optionally notify a user of completed jobs by sending an email. Due to the way the daemon sent the email message, authenticated users able to submit jobs could execute arbitrary code with the privileges of the condor user...

CVE-2014-3464

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...

CVE-2014-3464

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...

Common Desktop Environment <= 2.1 20,Solaris <= 7.0 dtspcd Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this vulnerability entry. The CDE subprocess daemon...

Caldera X Server 7.1/8.0 External Program Privileged Invocation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/5575/info Caldera's X Server implementation invokes external commands without dropping existing privilege levels. Xserver calls xkbcomp, and other related utilities, in an unsecure manner using the popen or system calls...

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This ca...

DEBIAN-CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

UBUNTU-CVE-2012-6636

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

JBOSS 1 0 9 9 port remote method invocation vulnerability-vulnerability warning-the black bar safety net

Bird brother a few days ago sent me an article that is a java vulnerability, about 1 0 9 9 port may be remote method invocation thing. I suddenly think of it, had to XCON2012 of time, due to“forgotten”so there is no mention of a problem is a JBOSS remote code execution vulnerability. The domestic...

Cisco Secure ACS RMI Arbitrary File Read (CSCud75169)

The version of Cisco Secure Access Control System ACS on the remote host is affected by a vulnerability in the Remote Method Invocation RMI interface. Due to insufficient authorization enforcement, this issue could allow a remote, authenticated attacker to read arbitrary files on the ACS server. ...

Cisco Secure ACS RMI Arbitrary File Read Vulnerability

A vulnerability in the Remote Method Invocation RMI interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...

CVE-2014-0649

The CVE-2014-0649 issue affects Cisco Secure Access Control System (ACS) 5.x before 5.5, where the RMI interface does not properly enforce authorization, enabling a remote authenticated user to gain superadmin access via the RMI interface (Bug ID CSCud75180). Connected Cisco advisories confirm an...

Linux Kernel (Ubuntu 11.10/12.04) - binfmt_script Stack Data Disclosure

Source: http://www.halfdog.net/Security/2012/LinuxKernelBinfmtScriptStackDataDisclosure/ Introduction Problem description: Linux kernel binfmtscript handling in combination with CONFIGMODULES can lead to disclosure of kernel stack data during execve via copy of data from dangling pointer to stack...

RHEL 5 : JBoss EAP (RHSA-2013:1784)

An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...