Page 99 of 496 results (0.340 seconds)

CVSS: 4.0EPSS: 0%CPEs: 30EXPL: 0

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." • http://docs.info.apple.com/article.html?artnum=303658 http://secunia.com/advisories/18760 http://secunia.com/advisories/18884 http://securitytracker.com/id?1015596 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1 http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml http://www.kb.cert.org/vuls/id/759996 http://www.vupen.com/english/advisories/2006/0467 http://www.vupen.com/english/advisories/2006/0828 http://www.vupen.com/english/advisories/ •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 2

index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter. • http://secunia.com/advisories/15257 http://www.exploits.co.in/Article1134.html http://www.osvdb.org/16216 http://www.osvdb.org/16217 http://www.securiteam.com/exploits/5OP042KFPU.html http://www.vupen.com/english/advisories/2005/0508 https://exchange.xforce.ibmcloud.com/vulnerabilities/20531 •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. • http://secunia.com/advisories/10743 http://www.macromedia.com/devnet/security/security_zone/mpsb04-01.html http://www.securityfocus.com/bid/9521 https://exchange.xforce.ibmcloud.com/vulnerabilities/14984 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •

CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 0

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. • http://marc.info/?l=bugtraq&m=110356286722875&w=2 http://secunia.com/advisories/13586 http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml http://www.heise.de/security/dienste/browsercheck/tests/java.shtml http://www.kb.cert.org/vuls/id/420222 http://www.kde.org/info/security/advisory-20041220-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:154 http://www.redhat.com/support/errata/RHSA-2005-065.html https://exchange.xforce.ibmcloud.com/vulnera •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1

Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." • http://marc.info/?l=bugtraq&m=108948405808522&w=2 http://www.securityfocus.com/bid/10688 https://exchange.xforce.ibmcloud.com/vulnerabilities/16666 •