15 matches found
Security Bulletin: RMI vulnerability in Java, as used with WebSphere eXtreme Scale
Abstract: A security vulnerability in the Remote Method Invocation component of the Java Runtime Environment allows unauthenticated network attacks which can result in unauthorized operating system takeover including arbitrary code execution. Content: VULNERABILITY DETAILS: CVE-2013-1537 A...
CVE-2018-19012
The CVE-2018-19012 issue affects Dräger Infinity Delta, Delta XL, Kappa, and Infinity Explorer C700 (all versions). The root cause is improper privilege management in a dialog that allows breaking out of kiosk mode, enabling an attacker to reach the underlying OS and take control of the system. T...
Security Bulletin: January 2016 Java Platform Standard Edition Vulnerabilities in Multiple N Series Products
Summary: Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE JDK and JRE versions below 6u111, 7u95, and 8u72 and OpenJDK versions below 1.7.0.95 and 1.8.0.71 are susceptible to multiple vulnerabilities, potentially leading to an...
Security Bulletin: Java Platform Standard Edition Vulnerability in Multiple N Series Products (CVE-2016-0636)
Summary: Multiple N Series Products incorporate the Oracle Java Platform, Standard Edition (Java SE) software libraries. Java SE versions 7u97, 8u73 and 8u74 are susceptible to a vulnerability, potentially leading to an unauthorized Operating System takeover including arbitrary code execution...
Security Bulletin: January 2015 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products
Summary: Multiple N series products incorporate the Java Runtime Environment (JRE) software libraries. JRE versions up to 8u31 and 7u75 are susceptible to multiple vulnerabilities, potentially leading to an unauthorized Operating System takeover including arbitrary code execution, a partial denial o...
Solaris 10 (sparc) : 144221-12
Vulnerability in the Solaris Cluster component of Oracle and Sun Systems Products Suite subcomponent: Zone Cluster Infrastructure. Supported versions that are affected are 3.2, 3.3 and 4 prior to 4.1 SRU 3. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of...
Solaris 10 (x86) : 119784-25
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Solaris 10 (x86) : 119784-29
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Bind/Postinstall script for Bind package. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component o...
Solaris 10 (sparc) : 148407-01
Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Utility/Umount. Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful...
Oracle Solaris Critical Patch Update : jan2016_SRU11_3_4_5_0
This Solaris system is missing necessary patches to address critical security updates: - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Grub2. The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating...
jdk8-openjdk: multiple issues
CVE-2014-3566 (man-in-the-middle): Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6549 (arbitrary code execution): Incorrect class loader permission check in ClassLoader...
jdk7-openjdk: multiple issues
CVE-2014-3566 (man-in-the-middle): Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 (out-of-bounds read): Allows remote attackers to affect confidentiality via font parsing...
jre7-openjdk-headless: multiple issues
CVE-2014-3566 (man-in-the-middle): Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6587 (privilege escalation): MulticastSocket NULL pointer dereference allows local users to...
Lomtec ActiveWeb Professional 3.0 CMS Allows Arbitrary File Upload and Execution as SYSTEM in ColdFusion (2010-WEB-002) (CERT VU#528212)
www.ExploitDevelopment.com 2010-WEB-002 CERT VU870532 Security Focus BID 45985 TITLE: Lomtec ActiveWeb Professional 3.0 CMS...
Lomtec ActiveWeb Professional 3.0 CMS Shell Upload / SYSTEM Execution
www.ExploitDevelopment.com 2010-WEB-002 CERT VU870532 Security Focus BID 45985 TITLE: Lomtec ActiveWeb Professional 3.0 CMS...