21 results (0.010 seconds)

CVSS: 9.3EPSS: 12%CPEs: 128EXPL: 0

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar código través de vectores relacionados con "uso inseguro" de métodos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible(). • http://rhn.redhat.com/errata/RHSA-2012-1467.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss? •

CVSS: 9.3EPSS: 76%CPEs: 128EXPL: 0

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." Una vulnerabilidad no especificada en el componente JRE de IBM Java 7 SR2 y anteriores, SR3 Java v6.0.1 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores, tal y como se utiliza en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes y Domino, Tivoli Storage Productivity Center y Service Deliver Manager y otros productos de otros fabricantes tales como Red Hat, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el "uso inseguro del método defineClass java.lang.ClassLoder()." • http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http&# •

CVSS: 9.3EPSS: 31%CPEs: 128EXPL: 0

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method." Vulnerabilidad no especificada en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, ejecutandose en un gestor de seguridad, permite a atacantes remotos obtener privilegios modificando o eliminando el gestor de seguridad a través de vectores relacionados con "uso inseguro del método java.lang.reflect.Method invoke()" • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •

CVSS: 9.3EPSS: 82%CPEs: 128EXPL: 0

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •

CVSS: 2.6EPSS: 0%CPEs: 11EXPL: 1

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Lotus Notes Traveler anteriores a v8.5.3.3 Interim Fix 1, cuando se usa Firefox, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro redirectURL, es una vulnerabilidad distinta a CVE-2012-4824 y CVE-2012-4825. • http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •