Multiple vulnerabilities in foxit reader (Foxit Reader)

foxit reader Foxit Reader is a PDF file reader. foxit reader Foxit Reader there are multiple vulnerabilities, vulnerabilities through the java app object of multiple function calls/apply method trigger, remote attackers can take advantage of the vulnerability in the current process to execute...

CVE-2016-5523

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet...

CVE-2016-5523

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet...

CVE-2016-5523

CVE-2016-5523 affects Oracle Supply Chain Products Suite (Oracle Agile PLM) 9.3.4/9.3.5 via the AutoVue Java Applet. The root cause is an unspecified vulnerability that allows remote authenticated users to affect confidentiality, integrity, and availability. Impact is described as partial to tota...

CVE-2016-5523

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet...

CVE-2016-5523

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet...

Mozilla Firefox Security Advisories (MFSA2016-49, MFSA2016-61) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Java applets bypass CSP protections — Mozilla

Mozilla engineer Matt Wobensmith reported that Content Security Policy CSP does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This...

icedtea security update

CentOS Errata and Security Advisory CESA-2016:0778 An update for icedtea-web is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Mozilla Firefox and Firefox Java applet code injection vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox when using the Java plugin, which can be exploited by remote attackers to redistribute a specially crafted Java applet from the in-use JavaScript...

CVE-2015-7196

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

Code injection

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

Slack: File upload XSS (Java applet) on http://slackatwork.com/

The web application supports file uploads and I was able to upload a Java Applet .class/.jar file. If a web browser loads a Java applet from a trusted site, the browser provides no security warning. If an attacker can upload a CLASS/JAR file with an applet, the file is executed even if the web...

UBUNTU-CVE-2015-7196

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)

An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions...

PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition

The specialists of the Positive Research center have detected a JNLP File Inclusion vulnerability in Inductive Automation Ignition. Adding any symbols to users’ web request for starting Java applet allow including into jnlp file in the field indicating applet to be executed. By manipulating this...