Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
reflection vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-7049
An issue exists in Wowza Streaming Engine prior to 4.7.1. There is an XSS vulnerability in the HTTP providers (com.wowza.wms.http.HTTPProviderMediaList and com.wowza.wms.http.streammanager.HTTPStreamManager) causing script injection and/or reflection via a crafted HTTP request.
Wowza Streaming Engine
NA
CVE-2006-0616
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and previous versions allows remote malicious users to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
Sun Jdk
Sun Jre
5.4
CVSSv3
CVE-2023-2267
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an malicious user to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more details.
Selinc Sel-411l Firmware
Selinc Sel-411l Firmware R128-v0
Selinc Sel-411l Firmware R129-v0
5.5
CVSSv3
CVE-2004-2331
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
Macromedia Coldfusion 6.1
8.1
CVSSv3
CVE-2020-5604
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
Mercari Mercari
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
9.8
CVSSv3
CVE-2019-11234
FreeRADIUS prior to 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Freeradius Freeradius
Fedoraproject Fedora
Redhat Enterprise Linux 7.0
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
6.1
CVSSv3
CVE-2019-5286
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users to click. Successfully exploit cloud allow the malicious user to initiate XSS attacks. Affects HedEx Lite versions earlier than V200R006C00SPC007.
Huawei Hedex Lite
NA
CVE-2006-0615
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and previous versions, SDK and JRE 1.4.x up to and including 1.4.2_09 allow remote malicious users to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs...
Sun Jdk 1.5.0
Sun Jre 1.4.2 4
Sun Jre 1.4.2 5
Sun Jre 1.4.2 6
Sun Jre 1.4.2 7
Sun Jre 1.5.0
Sun Jre 1.4.2 1
Sun Jre 1.4.2 3
Sun Jre 1.4.2 8
Sun Jre 1.4.2
Sun Jre 1.4.2 2
Sun Jre 1.4.2 9
Sun Sdk 1.4.2 9
Sun Sdk 1.4.2 3
Sun Sdk 1.4.2 8
Sun Sdk 1.4.2 1
Sun Sdk 1.4.2 2
Sun Sdk 1.4.2 5
Sun Sdk 1.4.2 6
Sun Sdk 1.4.2
Sun Sdk 1.4.2 7
Sun Sdk 1.4.2 4
NA
CVE-2006-0614
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and previous versions, SDK and JRE 1.3.x up to and including 1.3.1_16 and 1.4.x up to and including 1.4.2_08 allows remote malicious users to bypass Java sandbox security and obtain privileges via unspecified vectors ...
Sun Jre 5.0
Sun Jdk 5.0
Sun Sdk
Sun Jre
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »