103 matches found
WordPress Core Flash File Same-Origin Method Execution (CVE-2016-4566)
A same-origin method execution vulnerability exists in WordPress Core Flash File. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Pornhub: Same-Origin Method Execution bug in plupload.flash.swf on /insights
The researcher discovered a Same-Origin Method Execution (SOME) vulnerability on Pornhub's Insights blog. An insecure URL sanitization process was performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they have been set as GET parameters but fails to do so...
WordPress SOME bug in plupload.flash.swf
Intro: WordPress 4.5.1 is vulnerable to a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they ha...
WordPress <= 4.5.1 - Plupload Same Origin Method Execution (SOME)
Description Affects 'wp-includes/js/plupload/plupload.flash.swf'...
JVN#70465405: Yodobashi App for Android vulnerable to arbitrary Java method execution
Yodobashi App for Android provided by Yodobashi Camera Co.,Ltd. contains a vulnerability where an arbitrary Java method may be executed. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android devices...
WordPress 3.9-4.1.1 - Same-Origin Method Execution
...
CVE-2014-0003
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
CVE-2014-0257
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM serve...
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...
Cybozu Live for Android vulnerable to arbitrary Java method execution
Overview Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Note that this vulnerability is a regression in version 2.0.0 of the issue in JVN23009798. Gaku Mochizuki of Mitsui Bussan Secure Directions,...
Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Overview Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker...
JVN#23568423: Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
CVE-2012-4008
The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site...
JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Overview Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Direction...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
This host is running Apache Struts Showcase and is prone to java method execution vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsshowcasejavamethodexecvuln.nasl 5841 2017-04-03 12:46:41Z cfi $ Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability Authors: Antu Sanadi...
Apache Struts 2 vulnerable to an arbitrary Java method execution
Overview Apache Struts 2 contains an arbitrary Java method execution vulnerability. Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is...
JVN#79099262: Apache Struts 2 vulnerable to an arbitrary Java method execution
Apache Struts 2 is a framework to create Java web applications. Apache Struts 2 contains an arbitrary Java method execution vulnerability due to improper conversion in OGNL expression if a non-string property is contained in action. Impact If a remote attacker sends a malformed request parameter ...
IBM DB2 < 8 Fix Pack 15 / 9.x < 9 Fix Pack 3 Multiple Vulnerabilities
Binary data 4239.prm...