386 matches found
CVE-2008-4695
Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...
CVE-2008-4695
CVE-2008-4695 affects Opera prior to 9.60. An attacker can predict the cache path of a cached Java applet and load it from the cache, causing the applet to execute in the local machine context and potentially expose sensitive data. Connected disclosures (SUSE/Gentoo GLSA entries) confirm Opera mu...
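Instant Expert Analysis ActiveX Control Arbitrary Code Download and Execution Vulnerability
BUGTRAQ ID: 31752 CVECAN ID: CVE-2008-4385 Instant Expert Analysis lets a site quickly analyze a user's software and hardware with a single click. Instant Expert Analysis uses a signed Java applet (SRLApplet.class, provided by sysreqlab2.jar or sysreqlab.jar) for the Firefox or Netscape browsers, and a signed ActiveX control (sysreqlab.dll, sysreqlabsli.dll or sysreqlab2.dll) for Internet Explorer...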
CVE-2008-4385
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs by specifying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll,...
Authentication flaw
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs by specifying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll,...
CVE-2008-4385
Husdawg, LLC System Requirements Lab ActiveX control (sysreqlab*.dll) and Java applet RLApplet.class in sysreqlab2.jar/sysreqlab.jar allow remote arbitrary code execution via an unsafe Init path. The root cause is a design that lets a malicious website trigger download and execution of arbitrary ...
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...
FreeBSD : opera -- multiple vulnerabilities (fb84d5dd-9528-11dd-9a00-001999392805)
Opera reports: If a malicious page redirects Opera to a specially crafted address URL, it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page. Once a Java applet has been cached, if a page can predict the cache path...
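Opera Cached Java Applet Privilege Escalation Vulnerability
BUGTRAQ ID: 31643 CNCAN ID:CNCAN-2008100913 Opera is an open-source web browser. Opera has a security bypass issue that remote attackers can exploit to execute a cached Java applet. Once a Java applet has been cached, if a page can predict the applet's cache path, the applet can be loaded from the cache and executed in the local-machine context. This can allow reading other cached files on the system or performing operations that are normally restricted. These files may contain sensitive files, which are sent to the attacker. Opera Software Opera Web Browser 8.51 Opera Software Opera Web Browser 8.5...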
Opera Web Browser 8.51 - URI redirection Remote Code Execution
Opera Web Browser 8.51 - URI redirection Remote Code Execution source: https://www.securityfocus.com/bid/31631/info Opera Web Browser is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the...
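Apple Mac OS X Java Applet HMAC Provider Handling Remote Code Execution Vulnerability
BUGTRAQ ID: 31379 CVE ID:CVE-2008-3637 CNCVE ID:CNCVE-20083637 Apple Mac OS X is a commercial operating system. The Apple Mac OS X Java applet HMAC provider uses an uninitialized variable, which remote attackers can exploit to execute arbitrary code in the context of the application. The hash-based message authentication code (HMAC) provider is used to generate MD5 and SHA-A hashes; an error check in it can lead to the use of an uninitialized variable. Constructing a malicious Java applet and enticing a user to visit it can lead to arbitrary code execution. Apple Mac OS X Server 10.5.5 Apple Mac O...
Apple Mac OS X Java Plug-in 'file://' URL Handling Remote Code Execution Vulnerability
BUGTRAQ ID: 31380 CVE ID:CVE-2008-3638 CNCVE ID:CNCVE-20083638 Apple Mac OS X is a commercial operating system. Apple Mac OS X does not correctly handle specially crafted Java applets, which remote attackers can exploit to run arbitrary executables in the context of the application. The Java plug-in does not block launching from file:// URLs; constructing a malicious Java applet and enticing a user to load it allows a 'file://' URL to load arbitrary files on the target system, leading to arbitrary code execution. Apple Mac OS X Server 10.5.5 Apple Mac OS X Server...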
Mac OS X : Java for Mac OS X 10.5 Update 2
The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host. To exploit these flaws, an attacker woul...
JDK untrusted applet/application privilege escalation (6661918)
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect...
CVE-2008-2806
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect...
CVE-2008-2806
CVE-2008-2806 affects Mozilla Firefox <= 2.0.0.15 and SeaMonkey