Lucene search

80 matches found

OSV, added 2020/06/05 3:15 p.m., 18 views

CVE-2020-11975

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

CVSS 9.8, AI score 7, EPSS 0.83929
Exploits: 3, References: 3

Prion, added 2020/06/05 3:15 p.m., 17 views

Design/Logic Flaw

Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...

CVSS 10, AI score 9.2, EPSS 0.83929
Exploits: 3, References: 3, Affected software: 1

Veracode, added 2019/12/19 6:59 a.m., 8 views

Server-Side Template Injection

pebble is vulnerable to server-side template injection. The fix for an older vulnerability, which validates for getClass, can be bypassed to inject arbitrary code through the template using Java classes that have a static TYPE field whose value is an instance of java.lang.Class. For example...

AI score 2.9
Exploits: 0

OSV, added 2019/09/13 9:33 p.m., 3 views

GHSA-MWP6-J9WF-968C Critical severity vulnerability that affects generator-jhipster

Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Generated applications must be manually...

CVSS 9.8, AI score 9.6, EPSS 0.01904
Exploits: 1, References: 4

Github Security Blog, added 2019/09/13 9:33 p.m., 13 views

Critical severity vulnerability that affects generator-jhipster

Account takeover and privilege escalation is possible in applications generated by generator-jhipster before 6.3.0. This is due to a vulnerability in the generated Java classes: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Generated applications must be manually...

AI score 0.8
Exploits: 0, References: 3, Affected software: 1

CNVD, added 2017/11/06 12:00 a.m., 2 views

Progress Software OpenEdge Design Vulnerability

Progress Software OpenEdge is a suite of e-commerce platforms from Progress Software, USA. A security vulnerability exists in Progress Software OpenEdge versions 10.2x and 11.x, which is caused by an insecure default setting. The vulnerability can be exploited by remote attackers to load and remo...

CVSS 9.8, AI score 6.9, EPSS 0.00062
Exploits: 0, References: 1

Prion, added 2017/10/31 7:29 a.m., 11 views

Default configuration

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931...

CVSS 7.5, AI score 7.7, EPSS 0.00062
Exploits: 0, References: 1, Affected software: 1

NVD, added 2017/10/31 7:29 a.m., 11 views

CVE-2015-9245

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931...

CVSS 9.8, AI score 9.7, EPSS 0.00062
Exploits: 0, References: 1

Cvelist, added 2017/10/31 7:00 a.m., 13 views

CVE-2015-9245

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931...

AI score 9.8, EPSS 0.00062
Exploits: 0, References: 1

NVD, added 2017/08/02 7:29 p.m., 17 views

CVE-2014-8903

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...

CVSS 8.8, AI score 8.2, EPSS 0.0085
Exploits: 0, References: 2

Prion, added 2017/08/02 7:29 p.m., 12 views

Code injection

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors...

CVSS 6.5, AI score 6.7, EPSS 0.0085
Exploits: 0, References: 2, Affected software: 1

seebug.org, added 2014/07/01 12:00 a.m., 22 views

JRuby Sandbox 0.2.2 - Sandbox Escape

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815. Authors: joernchen (joernchen phenoelit de), Phenoelit Group, http://www.phenoelit.de. Affected Products: jruby-sandbox = 0.2.2, https://github.com/omghax/jruby-sandbox. Vendor communication: 2014-04-22 Send...

AI score 7.1
Exploits: 0

exploitpack, added 2014/04/25 12:00 a.m., 9 views

JRuby Sandbox 0.2.2 - Sandbox Escape

JRuby Sandbox 0.2.2 - Sandbox Escape Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport,...

AI score 7.4
Exploits: 0

Packet Storm, added 2014/04/24 12:00 a.m., 16 views

JRuby Sandbox 0.2.2 Bypass

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products jruby-sandbox e puts "fail via Ruby ;" end puts "Now for some Java" sand.eval"Kernel.send :javaimport, 'java.lang.ProcessBuilder'" sand.eval"Kernel.send :javaimport, 'java.util.Scanner'" sand.eval"s =...

AI score 7.4
Exploits: 0

Kitploit, added 2013/09/17 3:09 a.m., 16 views

[Binrev] Automate Reversing Windows Binaries for Pentesters

What can you do with this? Static analysis: you can do a basic manual code review of the decompiled sources to discover hidden communication channels and search for hard-coded passwords or SQL injection vulnerabilities. Import decompiled projects into an IDE to reconstruct and modify the original source...

AI score 8.6
Exploits: 0

Saint, added 2011/04/08 12:00 a.m., 16 views

Zend Server Java Bridge Remote Code Execution

Added: 04/08/2011. BID: 47060. OSVDB: 71420. Background: Zend Server is an enterprise web application server for hosting PHP applications. Problem: The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...

AI score 7.5
Exploits: 0

Saint, added 2011/04/08 12:00 a.m., 69 views

Zend Server Java Bridge Remote Code Execution

Added: 04/08/2011. BID: 47060. OSVDB: 71420. Background: Zend Server is an enterprise web application server for hosting PHP applications. Problem: The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...

Exploits: 0

Saint, added 2011/04/08 12:00 a.m., 21 views

Zend Server Java Bridge Remote Code Execution

Added: 04/08/2011. BID: 47060. OSVDB: 71420. Background: Zend Server is an enterprise web application server for hosting PHP applications. Problem: The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...

Exploits: 0

Cvelist, added 2007/04/18 6:00 p.m., 24 views

CVE-2007-2115

Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in t...

AI score 7, EPSS 0.03575
Exploits: 0, References: 10

RedHat Linux, added 2005/02/15 10:12 a.m., 3 views

security flaw

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary file...

CVSS 5, AI score 6, EPSS 0.04451
Exploits: 0, References: 4