21 matches found
EUVD-2005-3941
Malware in sbrugna...
EUVD-2012-2482
Malware in sbrugna...
EUVD-2002-1242
Malware in sbrugna...
EUVD-2011-2034
Malware in sbrugna...
EUVD-2025-14355
Malicious code in bioql PyPI...
CVE-2025-30012
The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in...
CVE-2025-30009
he Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and...
CVE-2025-30011
The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected...
CVE-2025-30012
The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component, which allows an unauthenticated attacker to send malicious payload request in a specific encoding format. The servlet will then decode this malicious request which will result in...
CVE-2025-30012
CVE-2025-30012 affects the SAP SRM Live Auction Cockpit component, where a deprecated Java applet enables an unauthenticated attacker to trigger deserialization of a crafted payload, leading to execution of arbitrary OS commands with SAP Administrator privileges. The cited impact is high on confi...
PT-2025-20805 · Sap · Sap Srm
Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management SRM affected versions not specified Description: The Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated Java applet component, allowing an unauthenticated attacker to execut...
MGASA-2013-0248 Updated firefox and thunderbird packages fix security vulnerabilities
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...
CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
CVE-2009-1837
Race condition in the NPObjWrapperNewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for...
GLSA-200411-38 : Sun and Blackdown Java: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200411-38 Sun and Blackdown Java: Applet privilege escalation All Java plug-ins are subject to a vulnerability allowing unrestricted Java package access. Impact : A remote attacker could embed a malicious Java applet in a web page...
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of Java Development Kits JDK and Java Runtime Environments JRE. All these implementations provide a Java plug-in that can be used to execute Java applets in a restricted environment for web browsers. Description All Java plug-ins are subje...
Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access
Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access source: https://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java...
CVE-2003-0111
The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
Microsoft Virtual Machine - Arbitrary Java Codebase Execution source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase...
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an tag i...