Default configuration

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension JCE key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension JCE key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE...

CVE-2008-4368

The CVE-2008-4368 notice concerns macOS X 10.5.4/10.5.5 running Java 1.5, where the default jurisdiction policy caps JCE key sizes at 128 bits. This weakens cryptographic strength and can make decryption of JCE-produced ciphertext easier, per the NVD entry. Connected sources corroborate the same ...

CVE-2006-6419

jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.1.0 beta 2 and earlier for Joomla! comjce allows remote attackers to include and possibly execute arbitrary local files via the 1 plugin or 2 file parameter. NOTE: The provenance of this information is unknown; the...

CVE-2006-6419

CVE-2006-6419 affects Joomla! JCE Admin Component (com_jce) 1.1.0 beta2 and earlier. The vulnerability is a local file include/remote code execution issue in jce.php, where the (1) plugin or (2) file parameter can be used to include arbitrary local files, potentially executing PHP code on the ser...

CVE-2006-6420

Multiple cross-site scripting XSS vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.1.0 beta 2 and earlier for Joomla! comjce allow remote attackers to inject arbitrary web script or HTML via the 1 img, 2 title, 3 w, or 4 h parameter, different vecto...

CVE-2006-6420

Technical details about CVE-2006-6420 are not provided in the connected documents. The initial description covers XSS in Joomla JCE, but there are no added specifics (products, versions, vectors) in the supplied materials. Monitor for updates.

JCE Admin Component for Joomla! 'plugin' Parameter Local File Include

The version of the JCE Admin component for Joomla! running on the remote host is affected by a local file include vulnerability due to improper sanitization of user-supplied input to the 'plugin' parameter before using it in the components/comjce/jce.php script to include PHP code. Regardless of...

CVE-2006-6166

Cross-site scripting XSS vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.0.4 for Joomla! comjce, without the 20060821 jcepatch, allows remote attackers to inject arbitrary web script or HTML via the mosConfiglivesite parameter...

CVE-2006-6166

Summary: CVE-2006-6166 is an XSS vulnerability in the Joomla Content Editor (JCE) Admin Component (com_jce) for Joomla! version 1.0.4, exploitable via the mosConfig_live_site parameter when the 20060821 jce_patch is not applied. The issue is caused by unsanitized input in jce.php (JCE Admin Compo...

CVE-2006-6166

Cross-site scripting XSS vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor JCE 1.0.4 for Joomla! comjce, without the 20060821 jcepatch, allows remote attackers to inject arbitrary web script or HTML via the mosConfiglivesite parameter...