US-CERT Vulnerability Notes Database

Search Results

ID         Date Public  Name
VU#355284  11/28/2005   Sun Java Runtime Environment applet privilege escalation vulnerability
VU#760344  11/22/2004   Sun Java Plug-in fails to restrict access to private Java packages
VU#319771  11/05/2007   Apple QuickTime for Java may allow Java applets to gain elevated privileges
VU#138545  06/04/2007   Java Runtime Environment Image Parsing Code buffer overflow vulnerability
VU#995836  05/29/2007   Apple QuickTime for Java security bypass vulnerability
VU#102289  12/20/2006   Sun Java JRE vulnerable to privilege escalation
VU#759996  02/07/2006   Sun Java Reflection API security bypass vulnerabilities
VU#652636  02/07/2006   Sun Java Web Start security bypass vulnerability
VU#974188  11/28/2005   Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
VU#931684  11/28/2005   Sun Java Management Extensions privilege escalation vulnerability
VU#420222  12/20/2004   Konqueror fails to restrict access to Java classes
VU#118558  05/06/2004   Sun Java Runtime Environment vulnerable to DoS
VU#116875  07/18/2001   Adobe PhotoDeluxe does not adequately restrict Java execution
VU#223028  03/06/2008   Sun Java WebStart stack buffer overflow
VU#336105  10/04/2007   Sun Java JRE vulnerable to unauthorized network access
VU#434748  05/29/2007   Apple QuickTime for Java information disclosure vulnerability
VU#388289  01/16/2007   Sun Microsystems Java GIF image processing buffer overflow
VU#149457  12/20/2006   Sun Java JRE vulnerable to arbitrary code execution via an undetermined error
VU#420668  04/20/2007   Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability
VU#939609  12/20/2006   Sun Java JRE vulnerable to arbitrary code execution via an unspecified error
VU#594904  11/01/2006   Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
VU#495556  10/11/2005   VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
VU#544392  02/08/2005   Sun Java Plugin may create temporary files with predictable names
VU#964401  10/29/2004   Sun Java System Web Proxy Server vulnerable to buffer overflow
VU#140898  09/09/2002   Microsoft Java implementation allows execution of malicious code
VU#657625  11/12/2002   Microsoft Virtual Machine incorrectly parses the domain portion of URLs containing a colon
VU#307306  09/09/2002   Microsoft Java implementation JDBC classes do not properly validate DLL requests
VU#447569  04/09/2003   Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code
VU#237777  11/12/2002   Microsoft Virtual Machine allows applets write access to the Standard Security Manager
VU#393292  06/04/2003   Sun Java Runtime Environment allows untrusted applets to access information within trusted applets
VU#897529  11/12/2002   Microsoft Virtual Machine allows untrusted applets to access the user.dir system property
VU#792881  09/09/2002   Microsoft Java implementation JDBC functions do not properly validate parameters
VU#32231   08/03/2000   Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class
VU#959207  11/28/2000   Lotus Notes Java VM leaks file existence through timing difference in ECLs
VU#746889  05/25/2007   Sun Java System Web Proxy Server fails to properly process malformed packets
VU#243681  06/29/2006   OpenOffice.org may fail to properly contain certain Java applets
VU#881254  07/21/2004   Sun Java System Portal Server fails to properly handle changes to display options
VU#166651  10/14/2008   Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
VU#547459  02/06/2002   Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
VU#114956  03/08/2005   Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page
VU#829400  12/27/2005   Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files
VU#685456  10/20/2004   Veritas NetBackup "bpjava-susvc" process contains an input validation error
VU#981651  07/02/2001   Caucho Technologies Resin vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#560659  07/02/2001   IBM WebSphere vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#270083  07/02/2001   IBM VisualAge Professional vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#672683  07/02/2001   Apache Tomcat vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#131569  07/12/2001   Microsoft Outlook View Control allows execution of arbitrary code and manipulation of user data
VU#654643  07/02/2001   Allaire JRun Java Application Server vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#632656  02/20/2007   JBoss Application Server may not properly restrict access to the administrative interface
VU#212984  11/03/2007   Mortbay Jetty vulnerable to HTTP response splitting
VU#118388  04/21/2006   Symantec Scan Engine fails to properly perform authentication
VU#612949  06/16/2005   XMLHttpRequest Object security bypass in Opera Web Browser
VU#110803  05/23/2001   CrushFTP Server does not adequately filter user input thereby permitting directory traversal
VU#698467  02/06/2002   Oracle 9iAS default configuration allows access to "globals.jsa" file
VU#343355  08/11/2008   Apache Tomcat UTF8 Directory Traversal Vulnerability
VU#305208  12/05/2007   Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"
VU#767825  01/10/2008   Liferay Portal fails to protect against CSRF
VU#217825  01/10/2008   Liferay Portal Admin portlet Shutdown message XSS
VU#732449  01/10/2008   Liferay Portal User Profile Greeting stored XSS
VU#326065  01/10/2008   Liferay Portal Enterprise Admin User-Agent HTTP header XSS
VU#438616  11/05/2007   Mortbay Jetty fails to properly handle cookies with quotes
VU#237888  11/05/2007   Mortbay Jetty Dump Servlet vulnerable to cross-site scripting
VU#204710  03/14/2005   Apache Tomcat fails to properly handle certain requests
VU#434641  03/27/2006   Microsoft Internet Explorer may automatically execute HTA files
VU#184558  04/21/2004   BEA WebLogic Server contains a vulnerability in the URL pattern matching
VU#999788  07/31/2003   BEA WebLogic Server code execution paths may cause the current user to be incorrect
VU#350350  01/27/2004   BEA WebLogic Server stores administrator password in clear text in config.xml
VU#920238  04/14/2004   BEA WebLogic Server stores database password in clear text in "config.xml"
VU#642239  07/02/2001   Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
VU#566390  04/14/2004   BEA WebLogic Server fails to properly validate certificate chains
VU#798611  02/06/2002   Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
VU#352110  04/14/2004   BEA WebLogic Server internal methods may disclose sensitive information
VU#658878  04/21/2004   BEA WebLogic Server allows unauthorized removal of EJB objects
VU#750796  01/05/2010   Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting
VU#771937  02/13/2008   Apache mod_jk2 host header buffer overflow
VU#888209  01/10/2008   Liferay Portal Forgot Password User-Agent HTTP header XSS
VU#553235  12/28/2007   Jetty fails to properly process URLs that contain double / characters
VU#993544  08/13/2007   Apache Tomcat fails to properly handle cookies containing single quotes
VU#862600  07/21/2007   Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
VU#950070  05/12/2004   BEA WebLogic Server contains vulnerability in handling of certain tags when editing "weblogic.xml"
VU#858990  01/27/2004   BEA WebLogic Server fails to properly associate the user identity on subsequent client connections
VU#574222  04/21/2004   BEA WebLogic Server configuration wizard stores administrative credentials in clear text log files
VU#470470  04/14/2004   BEA WebLogic Server fails to properly associate re-created groups
VU#180876  01/24/2008   GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
VU#671028  05/14/2007   OPeNDAP filesystem enumeration vulnerability
VU#428500  12/19/2006   Mozilla LiveConnect vulnerable to crash finalizing JS objects
VU#851869  06/14/2005   Microsoft HTML Help vulnerable to integer overflow
VU#717827  01/10/2002   Multiple Oracle 9iAS sample pages contain vulnerabilities
VU#243243  11/05/2001   Entrust GetAccess does not validate user input thereby allowing users to read arbitrary files
VU#939605  06/29/2005   JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
VU#865940  08/20/2003   Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
VU#362483  11/28/2001   Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists
VU#323070  11/25/2003   Outlook Express MHTML protocol handler does not properly validate source of alternate content
VU#498553  02/26/2007   EMC NetWorker Management Console weak authentication vulnerability
VU#435052  02/23/2009   Intercepting proxy servers may incorrectly rely on HTTP headers to make connections
VU#715737  11/07/2007   Mozilla-based browsers jar: URI cross-site scripting vulnerability
VU#402580  04/29/2009   Jetty HTTP server directory traversal vulnerability
VU#670060  07/25/2006   Mozilla fails to properly release JavaScript references
VU#724968  08/02/2007   RSA key reconstruction vulnerability
VU#547300  09/28/2006   OpenSSL SSL_get_shared_ciphers() vulnerable to buffer overflow
VU#845620  09/05/2006   Multiple RSA implementations fail to properly handle signatures
VU#386964  09/28/2006   OpenSSL SSLv2 client code fails to properly check for NULL


Produced 2010 by US-CERT, a government organization