7970 matches found
Java: Java Web Start arbitrary command line injection
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Sun Java Web Start Plugin Command Line Argument Injection
$Id: javawsarginjectaltjvm.rb 9097 2010-04-16 08:08:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Sun Java Web Start Plugin Command Line Argument Injection
This module exploits a flaw in the Web Start plugin component of Sun Java Web Start. The arguments passed to Java Web Start are not properly validated. By passing the lesser known -J option, an attacker can pass arbitrary options directly to the Java runtime. By utilizing the -XXaltjvm option, as...
Sun Java Web Start Plugin Command Line Argument Injection
$Id: javawsarginjectaltvm.rb 9083 2010-04-15 15:23:43Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Java Zero-Day Attacks In The Wild
Just days after Google researcher Tavis Ormandy released details on a dangerous new Java vulnerability, malicious hackers have pounced and are exploiting the flaw in the wild to launch drive-by download attacks. Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor...
JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)
HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...
Java Deployment Toolkit Performs Insufficient Validation
Java Deployment Toolkit Performs Insufficient Validation of Parameters ------------------------------------------------------------------------- Java Web Start henceforth, jws provides java developers with a way to let users launch and install their applications using a URL to a Java Networking...
[SECURITY] Fedora 13 Update: udisks-1.0.1-1.fc13
udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices...
Serious New Java Flaw Affects All Current Versions of Windows
There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it...
JAVA Web Start Arbitrary command-line injection
Exploit for multiple platform in category remote exploits =============================================== JAVA Web Start Arbitrary command-line injection =============================================== Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java...
JAVA Web Start Arbitrary Command-Line Injection
Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...
JAVA Web Start - Arbitrary Command-Line Injection
JAVA Web Start - Arbitrary Command-Line Injection Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Star...
JAVA Web Start - Arbitrary Command-Line Injection
Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...
Java Deployment Toolkit - Performs Insufficient Validation of Parameters
Java Deployment Toolkit Performs Insufficient Validation of Parameters ------------------------------------------------------------------------- Java Web Start henceforth, jws provides java developers with a way to let users launch and install their applications using a URL to a Java Networking...
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Sun Java Web Start Plugin Command Line Argument Injection', 'Description' = %q This module exploits a flaw in the Web Start...
Java Deployment Toolkit Performs Insufficient Validation of Parameters
Exploit for windows platform in category remote exploits ====================================================================== Java Deployment Toolkit Performs Insufficient Validation of Parameters ====================================================================== Java Deployment Toolkit...
DEBIAN-CVE-2009-2936
The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a vcl.inline...
CVE-2009-2936
The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a vcl.inline...
CVE-2009-2936
CVE-2009-2936 affects the Varnish reverse proxy CLI in the master process prior to 2.1.0, where the TCP-based commands do not require authentication. The vulnerability can allow remote attackers to: (1) execute arbitrary code via a vcl.inline directive containing inline C code; (2) change the mas...
Do all in cmd shell!- Vulnerability warning-the black bar safety net
Do all in cmd shell! Directory 1, Preface 2, The file transmission 3, The system configuration 4, the network configuration 5, software installation 6, Windows Script 7, The accompanying statement Foreword Cmd Shellcommand line interactionis a hack eternal topic, it is the historic and enduring i...