CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 2CVE-2005-1596
https://notcve.org/view.php?id=CVE-2005-1596
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter. • http://secunia.com/advisories/15257 http://www.exploits.co.in/Article1134.html http://www.osvdb.org/16216 http://www.osvdb.org/16217 http://www.securiteam.com/exploits/5OP042KFPU.html http://www.vupen.com/english/advisories/2005/0508 https://exchange.xforce.ibmcloud.com/vulnerabilities/20531 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2331
https://notcve.org/view.php?id=CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html http://www.securityfocus.com/bid/9521 https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 0CVE-2004-1145
https://notcve.org/view.php?id=CVE-2004-1145
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. • http://marc.info/?l=bugtraq&m=110356286722875&w=2 http://secunia.com/advisories/13586 http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml http://www.heise.de/security/dienste/browsercheck/tests/java.shtml http://www.kb.cert.org/vuls/id/420222 http://www.kde.org/info/security/advisory-20041220-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:154 http://www.redhat.com/support/errata/RHSA-2005-065.html https://exchange.xforce.ibmcloud.com/vulnera •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2004-0723
https://notcve.org/view.php?id=CVE-2004-0723
Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." • http://marc.info/?l=bugtraq&m=108948405808522&w=2 http://www.securityfocus.com/bid/10688 https://exchange.xforce.ibmcloud.com/vulnerabilities/16666 •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 1CVE-2003-0896 – Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention
https://notcve.org/view.php?id=CVE-2003-0896
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." • https://www.exploit-db.com/exploits/23276 http://lsd-pl.net/code/JVM/jre.tar.gz http://marc.info/?l=bugtraq&m=106692334503819&w=2 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1 http://www.securityfocus.com/advisories/6028 http://www.securityfocus.com/archive/1/342580 http://www.securityfocus.com/archive/1/342583 http://www.securityfocus.com/bid/8879 •