392 matches found
Slack: File upload XSS (Java applet) on http://slackatwork.com/
The web application supports file uploads and I was able to upload a Java Applet .class/.jar file. If a web browser loads a Java applet from a trusted site, the browser provides no security warning. If an attacker can upload a CLASS/JAR file with an applet, the file is executed even if the web...
UBUNTU-CVE-2015-7196
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...
ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: incorrect permissions check in resource loading (Beans, 8068320)
A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
PT-2015-04: JNLP File Inclusion in Inductive Automation Ignition
Specialists at the Positive Research center have detected a JNLP File Inclusion vulnerability in Inductive Automation Ignition. Arbitrary symbols added to a user's web request for starting the Java applet are included in the JNLP file, in the field indicating the applet to be executed. By manipulating this...
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
Oracle Java AtomicReferenceFieldUpdater Type Confusion (CVE-2014-4262)
A memory corruption vulnerability exists in Oracle Java. The vulnerability is due to a type confusion flaw in the AtomicReferenceFieldUpdater class. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...
Oracle Java System.arraycopy Race Condition (CVE-2014-0456)
A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to a race condition in System.arraycopy. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...
Oracle Java SE GSUB FeatureCount Buffer Overflow
A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to the font parsing code failing to check the "FeatureCount" value of the GSUB table used in controlling heap memory allocation. A remote unauthenticated attacker can exploit this vulnerability by persuading user...
Oracle JRE - java.net.URLConnection class - Same-Origin Policy (SOP) Bypass
Security-Assessment.com discovered that a Java applet making use of the java.net.URLConnection class can be used to bypass the same-origin policy (SOP) and domain-based security controls in modern browsers when communication occurs between two domains that...
Mac OS X - Java applet Remote Deserialization Remote PoC (updated)
Critical Mac OS X Java Vulnerabilities. Introduction: Five months ago, CVE-2008-5353 and other vulnerabilities were publicly disclosed, and fixed by Sun. CVE-2008-5353 allows malicious code to escape the Java sandbox and run arbitrary commands with the permissions...
Microsoft Virtual Machine Arbitrary Java Codebase Execution Vulnerability
source: http://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java...
Java CMM Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...
Compaq Java Applet for Presario SpawnApp Vulnerability
source: http://www.securityfocus.com/bid/557/info Some Compaq computers come with a Java applet called SpawnApp. This applet is used to run Compaq diagnostic utilities from the local hard drive when certain Compaq websites are viewed. The problem is that the...
Microsoft Windows 98/2000 UDP Socket DoS Vulnerability
source: http://www.securityfocus.com/bid/2340/info Microsoft Windows 2000 and 98 are subject to a denial of service condition. Receiving a maliciously crafted email or visiting a malicious web site could prevent Windows 2000 from DNS resolution and Windows 98 fr...
Opera Web Browser 7.54 Java Implementation Multiple Vulnerabilities (2)
source: http://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. These issues may...
Opera Web Browser 7.54 Java Implementation Multiple Vulnerabilities (3)
source: http://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. These issues may...