java

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers/漏洞数据库

日期 标题 类别 作者
2019-05-21 Oracle CTI Web Service – ‘EBS_ASSET_HISTORY_OPERATIONS’ XML Entity Injection
  • webapps
    		•  omurugur
    2019-04-30 Spring Cloud Config 2.1.x – Path Traversal (Metasploit)
  • webapps
    		•  Dhiraj Mishra
    2019-04-26 Apache Pluto 3.0.0 / 3.0.1 – Persistent Cross-Site Scripting
  • webapps
    		•  Dhiraj Mishra
    2019-04-08 ManageEngine ServiceDesk Plus 9.3 – User Enumeration
  • webapps
    		•  Operat0r
    2019-03-19 Jenkins 2.137 and Pipeline Groovy Plugin 2.61 – ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
  • remote
    		•  Metasploit
    2019-02-25 Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 – Remote Code Execution
  • webapps
    		•  wetw0rk
    2019-02-19 Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
  • webapps
    		•  orange
    2019-02-18 Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
  • dos
    		•  Google Security Research
    2019-02-18 Oracle Java Runtime Environment – Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
  • dos
    		•  Google Security Research
    2019-02-18 Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process
  • dos
    		•  Google Security Research
    2019-02-18 Oracle Java Runtime Environment – Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass
  • dos
    		•  Google Security Research
    2019-02-05 OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
  • webapps
    		•  Bishop Fox
    2019-01-28 Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
  • webapps
    		•  Ishaq Mohammed
    2018-11-30 Apache Spark – (Unauthenticated) Command Execution (Metasploit)
  • remote
    		•  Metasploit
    2018-11-14 Atlassian Jira – (Authenticated) Upload Code Execution (Metasploit)
  • remote
    		•  Metasploit
    2018-10-24 Apache OFBiz 16.11.04 – XML External Entity Injection
  • webapps
    		•  Jamie Parfet
    2018-10-22 Oracle Siebel CRM 8.1.1 – CSV Injection
  • webapps
    		•  Sarath Nair
    2018-10-01 ManageEngine AssetExplorer 6.2.0 – Cross-Site Scripting
  • webapps
    		•  Ismail Tasdelen
    2018-10-01 H2 Database 1.4.196 – Remote Code Execution
  • webapps
    		•  h4ckNinja
    2018-09-27 ManageEngine Desktop Central 10.0.271 – Cross-Site Scripting
  • webapps
    		•  Ismail Tasdelen
    2018-09-17 CA Release Automation NiMi 6.5 – Remote Command Execution
  • remote
    		•  Jakub Palaczynski
    2018-08-06 Wavemaker Studio 6.6 – Server-Side Request Forgery
  • webapps
    		•  Gionathan Reale
    2018-08-06 LAMS < 3.1 - Cross-Site Scripting
  • webapps
    		•  Nikola Kojic
    2018-07-16 Fortify Software Security Center (SSC) 17.x/18.1 – XML External Entity Injection
  • webapps
    		•  alt3kx