925 matches found
Directory traversal
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-2435
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
GLSA-200602-07 : Sun JDK/JRE: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200602-07 Sun JDK/JRE: Applet privilege escalation Applets executed using JRE or JDK can use 'reflection' APIs functions to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that...
CVE-2006-0613
Unspecified vulnerability in Java Web Start after 1.0.102, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications...
Security feature bypass
Unspecified vulnerability in Java Web Start after 1.0.102, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications...
CVE-2006-0613
Unspecified vulnerability in Java Web Start after 1.0.102, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications...
Sun Java Web Start security bypass vulnerability
Overview A vulnerability in the Sun Java Web Start may allow an untrusted Java applet or application to bypass security restrictions and execute arbitrary code. Description Java Web Start technology allows Java applications and applets to be executed via HTTP. Remote applications and applets are...
[SA18762] Java Web Start Sandbox Security Bypass Vulnerability
TITLE: Java Web Start Sandbox Security Bypass Vulnerability SECUNIA ADVISORY ID: SA18762 VERIFY ADVISORY: http://secunia.com/advisories/18762/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Java Web Start 1.x http://secunia.com/product/1005/ Sun Java JDK 1.5.x...
SUSE-SA:2005:032: java2
The remote host is missing the patch for the advisory SUSE-SA:2005:032 java2. Two security bugs in the SUN Java implementation have been fixed. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files, so an attacker can pass arbitrary command-line option...
CVE-2002-2005
Technical details about CVE-2002-2005 are not publicly available in the provided documents. No concrete affected product/version, root cause, or remediation are described here. Monitor for updates from trusted sources.
CVE-2005-1973
Java Web Start in Java 2 Platform Standard Edition J2SE 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges...
[SA15671] Java Web Start Sandbox Security Bypass Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
CVE-2005-0418
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.206, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836...
CVE-2005-0418
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.206, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836...
CVE-2005-0836
CVE-2005-0836 describes an argument injection in Sun Java Web Start/J2SE (Java Web Start for J2SE 1.4.2 up to 1.4.2_06) where the value parameter in a JNLP file’s property tag can be exploited to grant privileges to untrusted applications. This can bypass Java security restrictions and may lead t...
CVE-2005-0836
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.206 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file...
Java Web Start argument injection vulnerability
OVERVIEW ======== Java Web Start is a technology for easy client-side deployment of Java applications. "Using Java Web Start technology, standalone Java software applications can be deployed with a single click over the network" from Sun Microsystems's website. Java Web Start is installed with Ja...