Lucene search

30 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-30329

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00288
Exploits 0 | References 2

Vulnrichment
added 2024/02/20 9:17 a.m. | 11 views

CVE-2024-25607

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

CVSS 8.1 | AI score 7 | EPSS 0.00101
Exploits 0 | References 1

The Hacker News
added 2023/03/16 4:47 a.m. | 160 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which...

AI score 3.6 | EPSS 0.9433
Exploits 13

The Hacker News
added 2023/03/16 4:47 a.m. | 5 views

CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which...

CVSS 9.8 | AI score 7.5 | EPSS 0.9433
Exploits 13

Microsoft KB
added 2020/10/20 12:0 a.m. | 4 views

KB3205054 - Cumulative Update 16 for SQL Server 2012 SP2

KB3205054 - Cumulative Update 16 for SQL Server 2012 SP2. This article describes cumulative update package 16 (build number: 11.0.5678.0) for Microsoft SQL Server 2012 Service Pack 2 (SP2). This update contains fixes that were released after the release of SQL Server 2012 SP2. Cumulative update...

AI score 5.9
Exploits 0

IBM Security Bulletins
added 2018/06/16 9:59 p.m. | 39 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055)

Summary: An OpenSSL vulnerability was found in IBM Security Network Controller. IBM Security Network Controller has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2016-7055. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific...

CVSS 5.9 | AI score 1.3 | EPSS 0.02693
Exploits 1 | Affected Software 1

Prion
added 2015/04/15 10:59 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 6.1 | EPSS 0.0316
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2013/06/19 12:0 a.m. | 43 views

Mac OS X : Java for Mac OS X 10.6 Update 16

The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 16, which updates the Java version to 1.6.0_51. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...

CVSS 10 | AI score 7.9 | EPSS 0.9322
Exploits 23 | References 48

Exploit DB
added 2010/09/20 12:0 a.m. | 45 views

Sun Java - JRE AWT setDiffICM Buffer Overflow (Metasploit)

$Id: java_setdifficm_bof.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 9.3 | AI score 9.6 | EPSS 0.78477
Exploits 9

Prion
added 2008/12/05 11:30 a.m. | 22 views

Design/Logic Flaw

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...

CVSS 5 | AI score 6.1 | EPSS 0.01131
Exploits 1 | References 26 | Affected Software 3

Prion
added 2008/12/05 11:30 a.m. | 17 views

Code injection

Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...

CVSS 9 | AI score 6.3 | EPSS 0.05036
Exploits 1 | References 35 | Affected Software 3

NVD
added 2008/12/05 11:30 a.m. | 20 views

CVE-2008-5341

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...

CVSS 5 | AI score 7.3 | EPSS 0.01131
Exploits 1 | References 26

NVD
added 2008/12/05 11:30 a.m. | 20 views

CVE-2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...

CVSS 10 | AI score 7.5 | EPSS 0.89535
Exploits 19 | References 42

Cvelist
added 2008/12/05 11:0 a.m. | 24 views

CVE-2008-5359

Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...

AI score 7.9 | EPSS 0.35129
Exploits 1 | References 39

CVE
added 2008/12/05 11:0 a.m. | 87 views

CVE-2008-5340

CVE-2008-5340 concerns an unspecified vulnerability in Java Web Start (JWS) and Java Plug-in affecting Sun JDK/JRE lines: Java SE 6 Update 10 and earlier; Java SE 5.0 Update 16 and earlier; and SDK/JRE 1.4.2_18 and earlier. The untrusted JWS applications can gain privileges to access local files ...

CVSS 10 | AI score 7.6 | EPSS 0.04012
Exploits 1 | References 32 | Affected Software 3

Cvelist
added 2008/12/05 11:0 a.m. | 21 views

CVE-2008-5339

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...

AI score 7.4 | EPSS 0.01328
Exploits 1 | References 30

UbuntuCve
added 2008/12/05 12:0 a.m. | 27 views

CVE-2008-5360

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

CVSS 6.4 | AI score 7 | EPSS 0.03736
Exploits 1 | References 2

UbuntuCve
added 2008/12/05 12:0 a.m. | 22 views

CVE-2008-5351

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

CVSS 7.5 | AI score 7.1 | EPSS 0.03276
Exploits 1 | References 2

UbuntuCve
added 2008/12/05 12:0 a.m. | 42 views

CVE-2008-5353

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...

CVSS 10 | AI score 7.1 | EPSS 0.89535
Exploits 19 | References 2

NVD
added 2008/07/09 11:41 p.m. | 20 views

CVE-2008-3114

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074...

CVSS 5 | AI score 8.2 | EPSS 0.03332
Exploits 0 | References 40