386 matches found
Java Applet - JAX-WS Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...
Oracle Java Runtime Bytecode Verifier Cache Code Execution (CVE-2012-1723)
An input validation error vulnerability has been reported in Oracle Java Runtime JRE. The vulnerability is due to a type confusion error. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page containing a Java applet or running a Java Archive JAR...
Mac OS X : Java for Mac OS X 10.6 Update 11
The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 11, which updates the Java version to 1.6.0_37. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...
The Rise of Cross-Platform Malware
For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware th...
CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
DEBIAN-CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
Code injection
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
CVE-2012-3423
Summary (CVE-2012-3423): The IcedTea-Web plugin (before 1.2.1) mishandles NPVariant NPStrings that are not NUL-terminated, enabling a remote attacker to crash the browser, potentially disclose memory and/or execute arbitrary code via a crafted Java applet. This is tied to IcedTea-Web’s NPString ...
Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64
This erratum blacklists a small number of HTTPS certificates. BZ689430 These updated firefox packages also fix the following bug: - Prior to this update, some Java applets would fail to load in the 3.6.14 version of Firefox. In this newly-released version Firefox 3.6.15, Java applets no longer...
Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !
Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and...
Trojan Downloader Determines OS, Infects Systems With Custom Malware
A new downloader uncovered by researchers at the Finnish security firm F-Secure is capable of sniffing out which operating system a user is running and infecting them with a custom malicious payload. F-Secure’s Karmina Aquino discovered the attack on a compromised Colombian transport website. The...
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Exploit for java platform in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2012-2496
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...
Information disclosure
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...
CVE-2012-2496
CVE-2012-2496 concerns Cisco AnyConnect Secure Mobility Client (WebLaunch VPN downloader) on 64‑bit Linux. A Java applet used by the VPN downloader does not properly restrict Java components, allowing a remote, unauthenticated attacker to execute arbitrary code via a crafted malicious website. Th...