1214 matches found
ManageEngine Desktop Central Remote Security Bypass (Intrusive Check)
The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within...
Jetty Information Disclosure Vulnerability
Jetty is an open source servlet container; it is based on Java web content, such as JSP and servlets, and provides a runtime environment. Jetty has an information disclosure vulnerability that allows attackers to obtain sensitive information...
OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
Unspecified Vulnerability in Oracle Java SE Serviceability Subpart (CNVD-2015-00554)
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Serviceability subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and...
Oracle Java SE Install Subcomponent Local Arbitrary Code Execution Vulnerability
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Install subcomponent, which allows an attacker to build untrusted Java Web Start applications and untrusted Java...
Unspecified Vulnerability in Oracle Java SE Deployment Subcomponent (CNVD-2015-00562)
Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability exists in the Oracle Java SE Deployment subcomponent, which allows an attacker to build untrustworthy Java Web Start applications and untrustwort...
CVE-2014-9199
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic...
Code injection
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic...
CVE-2014-9199 Clorius Controls A/S ISC SCADA Insecure Java Client Inadequate Encryption Strength
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic...
Clorius Controls A/S Java Web Client Information Disclosure Vulnerability
Clorius Controls A/S is an industrial control system software. An information disclosure vulnerability exists in the Clorius Controls A/S Java Web client due to the program failing to properly handle authentication credential encryption. This vulnerability could be exploited by an attacker to sni...
[ANN] Apache Struts 2.3.20 GA release available with security fix
The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
Oracle Sun Java System Web Server - HTTP Response Splitting
No description provided by source...
Java Deployment Toolkit Performs Insufficient Validation of Parameters
No description provided by source. Java Web Start (henceforth, jws) provides java developers with a way to let users launch and install their applications...
Sun Java Web Start 1.0/1.2 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31916/info Sun Java Web Start is prone to a remote command-execution vulnerability. Successful exploits may allow attackers to execute arbitrary commands on an unsuspecting user's computer. This may aid in further attacks...