Lucene search

33 matches found

Veracode
added 2022/07/20 8:21 a.m., 138 views

Remote Code Execution

xalan:xalan is vulnerable to remote code execution. An attacker is able to corrupt Java class files generated by the internal XSLTC compiler and execute harmful Java bytecodes on the host machine due to an integer truncation flaw which occurs during XSLT style sheet processing...

CVSS: 7.5 | AI score: 8.5 | EPSS: 0.10953
Exploits: 2 | References: 31 | Affected Software: 9
Github Security Blog
added 2022/07/20 12:0 a.m., 69 views

Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. A fix for this issue was published in September 20...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.10953
Exploits: 2 | References: 37 | Affected Software: 1
RedhatCVE
added 2022/07/19 10:54 p.m., 232 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVSS: 7.5 | AI score: 7 | EPSS: 0.10953
Exploits: 2 | References: 3
UbuntuCve
added 2022/07/19 5:37 p.m., 45 views

CVE-2022-34169

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.10953
Exploits: 2 | References: 8
Ubuntu
added 2022/03/07 11:29 a.m., 138 views

USN-5313-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. (CVE-2022-21248) It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issu...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.05612
Exploits: 0
Hacker One
added 2021/12/07 12:24 p.m., 33 views

Aiven Ltd: Apache Flink RCE via GET jar/plan API Endpoint

Summary: Aiven has not restricted access to the GET jars/jarid/plan API. This endpoint can be used to load java class files with the specified arguments that are in the java classpath on the server. This can be abused to gain RCE on the Apache Flink Server. Steps To Reproduce: The video below sho...

AI score: 0.6
Exploits: 0
Cvelist
added 2014/02/22 9:0 p.m., 14 views

CVE-2014-0731

The administration interface in Cisco Unified Communications Manager (Unified CM) 10.01 and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497...

AI score: 6.8 | EPSS: 0.00194
Exploits: 1 | References: 2
Cisco
added 2014/02/19 8:28 p.m., 38 views

Cisco Unified Communications Manager Java Class File Availability Vulnerability

A vulnerability in the administration interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access Java class files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by...

CVSS: 5 | AI score: 6.4 | EPSS: 0.00194
Exploits: 1 | References: 1
Cvelist
added 2005/06/28 4:0 a.m., 15 views

CVE-2002-1860

Pramati Server 3.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

AI score: 7.5 | EPSS: 0.0032
Exploits: 0 | References: 4
Cvelist
added 2005/06/28 4:0 a.m., 15 views

CVE-2002-1855

Macromedia JRun 3.0 through 4.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

AI score: 7.5 | EPSS: 0.00763
Exploits: 0 | References: 5
Cvelist
added 2005/06/28 4:0 a.m., 16 views

CVE-2002-1857

jo! jo Webserver 1.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...

AI score: 7.5 | EPSS: 0.0032
Exploits: 0 | References: 4
Cvelist
added 2005/04/09 4:0 a.m., 13 views

CVE-2005-1022

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information...

AI score: 6.5 | EPSS: 0.00232
Exploits: 0 | References: 2
securityvulns
added 2005/04/08 12:0 a.m., 36 views

Macromedia Security Bulletin - ColdFusion MX 6.1

MPSB05-02 - Workaround available for ColdFusion MX 6.1 Updater file disclosure. Originally posted: April 7, 2005 http://www.macromedia.com/go/mpsb05-02 Summary: ColdFusion 6.1 Updater 1 in the ColdFusion MX for JRun4 configuration only creates a /WEB-INF/cfclasses directory under the web server...

AI score: 0.4
Exploits: 0