14 matches found
EUVD-2007-3730
Malware in sbrugna...
EUVD-2007-3731
Malware in sbrugna...
EUVD-2007-3729
Malware in sbrugna...
Critical Cisco Bug in Unified CCX Allows Remote Code Execution
Cisco has hurried out a fix for a critical remote code-execution flaw in its customer interaction management solution, Cisco Unified Contact Center Express (CCX). Cisco’s Unified CCX software is touted as a “contact center in a box” that allows companies to deploy customer-care applications. Th...
[SECURITY] Fedora 22 Update: jffi-1.2.7-5.fc22
An optimized Java interface to libffi...
Cisco Unified Communications Manager Java Interface SQL Injection Vulnerability
A vulnerability in the Java database interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to impact the integrity of the system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input...
Android Browser and WebView addJavascriptInterface - Code Execution
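Through JavaScript, anything on the current device's SD card can be accessed, even contact information, SMS messages, and so on. 1. The WebView has had a JavaScript object added, and the current application has permission to read and write the SD card, that is: android.permission.WRITE_EXTERNAL_STORAGE 2. In JS, the window object can be traversed to find an object that has a "getClass" method; then, through reflection, a Runtime object is obtained and a static method is called to execute commands, such as a command that accesses files. 3. The file name information can then be read as a string from the input stream returned after the command runs. After that you can do whatever you want, which is very dangerous. The core JS code is as follows: function...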
CVE-2014-3287
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337...
CVE-2014-3287
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337...
CVE-2014-3287
Affected software: Cisco Unified Communications Manager (Cisco Unified CM) – Java interface, specifically the BulkViewFileContentsAction.java. Vulnerability: SQL injection via crafted filename parameters in a URL, leading to arbitrary SQL execution. Impact: Authenticated, remote attacker could...
Java-API calls in untrusted Javascript allow network privilege escalation
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...
CVE-2007-3747
CVE-2007-3747 affects Apple Mac OS X 10.3.9 and 10.4.10 via the CoreAudio Java interface. The issue allows remote attackers to execute arbitrary code by crafting an applet because object instantiation/manipulation is not restricted to valid heap addresses. Public sources describe this as a remote...
Citrix MetaFrame DoS
Requesting large window size in javainterface causes server to crash...
Crashing any Windows NT TSE running MetaFrame 1.8
PreScriptum: I posted this at thin-world.community.everyone.net first. -------------------------------------------------------------------------------- I tried to contact Citrix about this bug I found, but they weren't interested. Haven't heard from them. So I'm posting it on a public forum for...