mihi

9 exploits Active since Oct 2011
CVE-2011-3556 NOMISEC WORKING POC
Oracle Java SE JDK/JRE 7/6u27/5.0u31/1.4.2_33 & JRockit R28.1.4 - RCE via RMI
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
1 stars
CVE-2011-3556 METASPLOIT ruby SCANNER
Oracle Java SE JDK/JRE 7/6u27/5.0u31/1.4.2_33 & JRockit R28.1.4 - RCE via RMI
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
CVE-2011-3923 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVSS 9.8
CVE-2011-3556 METASPLOIT ruby WORKING POC
Oracle Java SE JDK/JRE 7/6u27/5.0u31/1.4.2_33 & JRockit R28.1.4 - RCE via RMI
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
CVE-2012-0391 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
CVSS 9.8
CVE-2012-1723 METASPLOIT CRITICAL ruby WORKING POC
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 9.8
CVE-2011-3556 EXPLOITDB ruby WORKING POC
Oracle Java SE JDK/JRE 7/6u27/5.0u31/1.4.2_33 & JRockit R28.1.4 - RCE via RMI
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
CVE-2011-3923 EXPLOITDB CRITICAL ruby WORKING POC
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVSS 9.8
CVE-2012-1723 EXPLOITDB CRITICAL ruby WORKING POC
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 9.8