386 matches found
SeaMonkey < 2.20 Multiple Vulnerabilities
The installed version of SeaMonkey is a version prior to 2.20. It is, therefore, potentially affected by the following vulnerabilities: - Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702) - Use-after-free errors exist related to DOM modification whe...
Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1925-1)
Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute...
RedHat Update for firefox RHSA-2013:1140-01
The remote host is missing an update for the...
IBM Notes Accepts JavaScript Tags Inside HTML Emails
The IBM Notes application installed on the remote Windows host accepts Java applet tags and JavaScript tags inside HTML emails, making it possible to load Java applets and scripts from a remote location...
Oracle Java Font Parsing maxPoints Heap Buffer Overflow
A heap memory corruption vulnerability exists in Oracle Java Runtime. The vulnerability is due to the font parsing code failing to check the "maxPoints" value used in controlling heap memory operation. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a...
RHEL 6 : java-1.7.0-openjdk (RHSA-2013:0751)
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
Mac OS X : Java for OS X 2013-003
The remote Mac OS X 10.7 or 10.8 host has a Java runtime that is missing the Java for OS X 2013-003 update, which updates the Java version to 1.6.0_45. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary...
Java CMM Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ ...
Java CMM Remote Code Execution
This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP...
Oracle Java Runtime CMM Code Execution (CVE-2013-1493)
A stack buffer overflow vulnerability has been reported in Oracle Java Runtime. The vulnerability is due to insufficient validation of the 'count' property of the 'curveType' object in the CMM module of the Oracle JVM. A remote attacker can exploit this vulnerability by enticing a target user to...
Mac OS X : Java for Mac OS X 10.6 Update 14
The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 14, which updates the Java version to 1.6.0_43. It is, therefore, affected by two security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...
Java Applet JMX Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ ...
Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning t...
Mac OS X : Java for Mac OS X 10.6 Update 13
The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 13, which updates the Java version to 1.6.0_41. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...
Java Applet AverageRangeStatisticImpl Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ ...
Java Applet Method Handle Remote Code Execution
This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Java Applet JMX Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ ...
Java Applet JMX Remote Code Execution
This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...
[SET] Social-Engineer Toolkit v4.3 "Turbulence"
The Social-Engineer Toolkit (SET) v4.3 has been released today! This version is over two solid months of development and has over 60 new features, additions, fixes, and enhancements. Most notable is the new payload selection called “Multi-pyInjector”. Multi-pyInjector allows you to inject as many...
Java Applet JAX-WS Remote Code Execution (CVE-2012-5076)
A security bypass vulnerability has been reported in Java Runtime Environment (JRE)...