
84 matches found

Nuclei
added 2 days ago | 15 views

vBulletin replaceAdTemplate - Remote Code Execution

vBulletin versions 5.0.0 through 6.0.3 contain a Remote Code Execution (RCE) vulnerability in the ajax/api/ad/replaceAdTemplate endpoint. This flaw arises from improper use of PHP's Reflection API, allowing unauthenticated attackers to invoke protected controller methods. By injecting a crafted...

10 CVSS | 7.7 AI score | 0.77631 EPSS
Exploits 6 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2013-0439

Malware in sbrugna...

10 CVSS | 7.4 AI score | 0.01037 EPSS
Exploits 0 | References 40

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-26765

Malware in sbrugna...

8.1 CVSS | 6.2 AI score | 0.01475 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 9:27 p.m. | 6 views

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

9.8 CVSS | 6.9 AI score | 0.02183 EPSS
Exploits 0 | References 1

SUSE CVE
added 2023/02/15 6:20 a.m. | 2 views

SUSE CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using th...

9.3 CVSS | 7.9 AI score | 0.37032 EPSS
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 6:16 a.m. | 3 views

SUSE CVE-2005-3906

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.208 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of...

7.5 CVSS | 7.6 AI score | 0.11508 EPSS
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 6:16 a.m. | 5 views

SUSE CVE-2005-3905

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.115 and earlier, 1.4.208 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a differen...

7.5 CVSS | 7.5 AI score | 0.11508 EPSS
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 5:42 a.m. | 6 views

SUSE CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10 CVSS | 8.3 AI score | 0.93614 EPSS
Exploits 38 | References 17

CVE
added 2023/01/12 4:44 p.m. | 54 views

CVE-2022-40983

CVE-2022-40983 affects Qt 6.3.2, specifically the QML QtScript Reflect API, where a crafted JavaScript input can trigger an integer overflow during memory allocation, enabling arbitrary code execution when loading a malicious page. The issue has been addressed in Qt 6.4.1, with backports to 6.2 a...

8.8 CVSS | 8.8 AI score | 0.0084 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2021/06/01 2:15 p.m. | 22 views

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

9.8 CVSS | 6.9 AI score
Exploits 0 | References 1

NVD
added 2021/06/01 2:15 p.m. | 14 views

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

9.8 CVSS | 0.02183 EPSS
Exploits 0 | References 1

Prion
added 2021/06/01 2:15 p.m. | 15 views

Deserialization of untrusted data

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

7.5 CVSS | 9.4 AI score | 0.02183 EPSS
Exploits 0 | References 2 | Affected Software 1

Gitee
added 2020/09/01 9:22 a.m. | 2 views

ysoserial

This is a Java tool called ysoserial, which is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to execute arbitrary code on a Java application that performs unsafe deserialization of objects...

8 AI score
Exploits 0

NVD
added 2020/07/09 2:15 a.m. | 7 views

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

8.1 CVSS | 0.01475 EPSS
Exploits 0 | References 1

Prion
added 2020/07/09 2:15 a.m. | 9 views

Design/Logic Flaw

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

6.8 CVSS | 7.9 AI score | 0.01475 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2020/07/09 1:5 a.m. | 51 views

CVE-2020-5604

CVE-2020-5604 affects the Android App “Mercari” (Japan version) prior to version 3.52.0. The vulnerability arises from inadequate restrictions on addJavascriptInterface in WebView, enabling a remote attacker to trigger arbitrary Java method execution via Java Reflection API from JavaScript code o...

8.1 CVSS | 8 AI score | 0.01475 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/07/09 1:5 a.m. | 11 views

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

8.1 AI score | 0.01475 EPSS
Exploits 0 | References 1

Japan Vulnerability Notes
added 2020/07/08 12:0 a.m. | 86 views

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" (Japan version) provided by Mercari, Inc. contains a vulnerability which may allow arbitrary Java method execution (CWE-749) due to inadequate restrictions on addJavascriptInterface of the WebView class. Impact: An arbitrary method of a Java object may be executed by a remote attacker...

8.1 CVSS | 8.1 AI score | 0.01475 EPSS
Exploits 0

Veracode
added 2019/05/02 4:46 a.m. | 36 views

Sandbox Restrictions Bypass

openjdk is vulnerable to sandbox restrictions bypass. An improper permission check issue was discovered in the reflection API in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

9.8 CVSS | 5.9 AI score | 0.93614 EPSS
Exploits 38 | References 22 | Affected Software 1

Veracode
added 2019/01/15 8:53 a.m. | 27 views

Authorization Bypass

OpenJDK is vulnerable to authorization bypass. An improper permission check in the reflection API allows a remote attacker to bypass the Java sandbox restrictions and obtain unauthorized access to resources...

10 CVSS | 5.7 AI score | 0.93614 EPSS
Exploits 38 | References 11 | Affected Software 1