Page 3 of 23 results (0.021 seconds)

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called. Rogue Wave JViews en versiones anteriores 8.8 parche 21 y 8.9 en versiones anteriores parche 1 permite a atacantes remotos ejecutar código Java arbitrario que existe en el classpath, como código de prueba o código de administración. El problema existe porque el servlet ilog.views.faces.IlvFacesController en jviews-framework-all.jar no requiere la configuración explícita de los servlets que se pueden llamar. • https://rwkbp.makekb.com/?View=entry&EntryID=2521 https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1

Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Perforce Server 2009.2 y anteriores, cuando la tabla de proteccion esta vacia, permite a usuarios remotos autenticados obtener super privilegios a traves del comando "p4 protect". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html http://www.securityfocus.com/bid/36261 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. El servidor FTP en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero NULL y caida de demonio) a traves de cierto comando MKD. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que empiezan con una secuencia de bytes 0x4c, 0xb3, 0xff, 0xff, and 0xff. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1

The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. La funcionalidad de inicio en Perforce Server 2008.1 permite a usuarios remotos autenticados con super privilegios ejecutar comandos del sistema operativo mediante el uso de un comando "cliente p4" en union con la secuencia de comando de inicio. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •