37 matches found
EUVD-2007-4272
Malware in sbrugna...
EUVD-2015-4554
Malware in sbrugna...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default...
Apache Groovy Provides Resource Management Error Vulnerability
Apache Groovy is the United States Apache Apache Software Foundation of a Java-based platform for object-oriented programming language, which combines many powerful features of Python, Ruby and Smalltalk. A resource management error vulnerability exists in the Apache Groovy provides product that...
JVN#62161191: JavaFX WebEngine does not properly restrict Java method execution
JavaFX, GUI library for Java applications, is provided with OracleJDK 7 through 10. Since OracleJDK 11, JavaFX is separately maintained and developed by OpenJFX project under OpenJDK community. JavaFX WebEngine component is capable of web content rendering, and possible to be configured to allow...
ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities EMC Identifier: ESA-2015-131 CVE Identifier: CVE-2015-4531, CVE-2015-4532, CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536 Severity Rating: CVSS v2 Base Score: See below f...
CVE-2015-4535
Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when debugtrace is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing ...
CVE-2015-4535
Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when debugtrace is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing ...
CVE-2015-4535
CVE-2015-4535 affects EMC Documentum Content Server where Java Method Server (JMS) can be exploited when debug_trace is enabled to let remote authenticated users gain super-user privileges by reading a log containing a login ticket. This is part of a set of vulnerabilities in the ESA-2015-131 adv...
CVE-2015-4534
EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...
Yodobashi Camera Yodobashi APP for Android Sensitive Information Disclosure Vulnerability
Yodobashi Camera Yodobashi Camera is another more outstanding representative of Japan's urban home appliance mass market.Yodobashi Camera Yodobashi APP for Android is Yodobashi Camera Yodobashi for Android App. A security vulnerability exists in the Yodobashi Camera Yodobashi APP for Android...
Yodobashi App for Android vulnerable to arbitrary Java method execution
Overview Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Kusano Kazuhiko reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
JVN#70465405: Yodobashi App for Android vulnerable to arbitrary Java method execution
Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices...
TSUTAYA App for Android vulnerable to arbitrary Java method execution
Overview TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Ryohei Koike of Sakura Information Systems Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...
JVN#97384696: TSUTAYA App for Android vulnerable to arbitrary Java method execution
TSUTAYA App for Android contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted web page, an arbitrary Java method may be executed. Solution Update the software Update to the latest version according to the information provided by the...
CVE-2014-0003
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
Android OS vulnerable to arbitrary Java method execution
Overview Android OS contains a vulnerability where an arbitrary Java method may be executed. Tamami Eguchi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When viewing a specially crafted page using the...
JVN#53768697: Android OS vulnerable to arbitrary Java method execution
Android OS contains a vulnerability where an arbitrary Java method may be executed. Impact When viewing a specially crafted page using the standard Android browser or an other application that uses the WebView class, Android OS may be rebooted or arbitrary code may be executed without intent from...
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...
JDK: Unspecified security fixes (July 2013)
The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 improperly exposes the invoke method of the java.lang.reflect.Method class, which allows remote attackers to call...