PT-2026-2336
Name of the Vulnerable Software and Affected Versions: SAP Wily Introscope Enterprise Manager WorkStation (affected versions not specified) Description: An unauthenticated attacker can create a malicious Java Network Launch Protocol (JNLP) file accessible via a public URL. When a victim clicks this URL...
SAP Wily Introscope Enterprise Manager Code Injection Vulnerability
SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...
EUVD-2005-0419
Malware in sbrugna...
EUVD-2019-2210
Malware in sbrugna...
EUVD-2020-5893
Malware in sbrugna...
EUVD-2009-3837
Malware in sbrugna...
SUSE CVE-2005-0836
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file...
SUSE CVE-2009-3866
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...
Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JNLP files. The issue results from improper access control. An attacker...
CVE-2020-13651
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...
Arbitrary Code Execution
IBM Java is vulnerable to arbitrary code execution. An attacker is able to execute arbitrary code by modifying a certain JNLP file to point a URL to an untrusted application...
PT-2019-2900 · Icedtea +4 · Icedtea-Web +4
Name of the Vulnerable Software and Affected Versions: IcedTea-Web versions 1.7.2 and 1.8.2 Description: The issue is related to the improper sanitization of paths from <jar/> elements in JNLP files. This could allow an attacker to trick a victim into running a specially crafted application,...
Security vulnerabilities fixed in Firefox 67 — Mozilla
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...
UBUNTU-CVE-2019-11696
Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...
PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition
The specialists of the Positive Research center have detected a JNLP File Inclusion vulnerability in Inductive Automation Ignition. Arbitrary symbols added to a user's web request for starting a Java applet are included in the JNLP file, in the field indicating the applet to be executed. By manipulating this...
Java Web Start Double Quote Injection Remote Code Execution
No description provided by source. Java Web Start Double Quote Inject Remote Code Execution. Date: Jun 12 2012, updated: Jun 6 2013. Author: Rh0. Version: At least Java 1.6.31 to 1.6.35 a...
Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. A...
SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
This update to IcedTea-Web 1.4 provides the following fixes and enhancements: - Security updates - RH916774: Class-loader incorrectly shared for applets with same relative-path. CVE-2013-1926 - RH884705: fixed gifar vulnerability. CVE-2013-1927 - RH840592: Potential read from an uninitialized...
Sun Java Web Start Double Quote Injection
Java Web Start Double Quote Inject Remote Code Execution. Date: Jun 12 2012, updated: Jun 6 2013. Author: Rh0. Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07. Tested on:...
Java Applet Driver Manager Privileged toString() Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...