Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

openSUSE Security Update : seamonkey (seamonkey-4462)

Mozilla SeaMonkey was updated to the 2.0.14 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstance...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4456)

Mozilla XULRunner 1.9.1 was updated to the 1.9.1.19 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

openSUSE Security Update : mozilla-js192 (mozilla-js192-4460)

Mozilla XULRunner 1.9.2 was updated to the 1.9.2.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...

Citrix NetScaler Multiple Vulnerabilities (CTX140651)

The remote Citrix NetScaler version is affected by multiple vulnerabilities : - A low quality random number generation is used to produce secret key values in the implementation of the Diffie-Hellman key exchange algorithm in the management GUI Java applet. Publicly known predictors exist for the...

Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)

A heap buffer overflow vulnerability exists in Oracle Java. The vulnerability is due to invalid processing of the ReqFeatureIndex entry in the GSUB table. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java...

CVE-2014-2881 - Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler

Vulnerability title: Poor Quality Implementation of Diffie-Hellman Key Exchange in Citrix Netscaler CVE: CVE-2014-2881 Vendor: Citrix Product: Netscaler Affected version: All prior to 10.1-122.17/9.3-66.5 Fixed version: 10.1-122.17/9.3-66.5 Reported by: Graham Sutherland Details: The remote...

CVE-2014-2882 - Lack of SSL Certificate Validation in Citrix Netscaler

Vulnerability title: Lack of SSL Certificate Validation in Citrix Netscaler CVE: CVE-2014-2882 Vendor: Citrix Product: Netscaler Affected version: All prior to 10.1-122.17/9.3-66.5 Fixed version: 10.1-122.17/9.3-66.5 Reported by: Graham Sutherland Details: The remote configuration Java applet...

Oracle Java ServiceLoader Exception Handling Sandbox Bypass (CVE-2014-0457)

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a flaw in exception handling of the ServiceLoader class. This flaw could be used to disable the security manager and run Java code with full privileges. A remote, unauthenticated attacker can exploit this...

CVE-2014-2881

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors...

CVE-2014-2881

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors...

CVE-2014-2881

The CVE-2014-2881 issue affects Citrix NetScaler devices (ADC and NetScaler Gateway) where the Diffie-Hellman key exchange in the management GUI Java applet uses a weak RNG. The root cause is use of java.util.Random to generate secret values, with known predictors and small seed sizes (32/48 bits...

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

Oracle Java FileDialog.Show Heap Buffer Overflow - Ver2 (CVE-2011-0802)

A remote code execution vulnerability has been reported in Oracle Java Runtime Environment.The vulnerability is due to insufficient validation of the selected file's default values size. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a web page...

Oracle Java FileDialog.Show Heap Buffer Overflow - Ver2 (CVE-2011-0802)

A remote code execution vulnerability has been reported in Oracle Java Runtime Environment.The vulnerability is due to insufficient validation of the selected file's default values size. A remote attacker could exploit this vulnerability by enticing an unsuspecting user to open a web page...

CVE-2013-6493

The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp...

Oracle Java JNDI Sandbox Bypass (CVE-2014-0422)

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to the insecure getContextClassLoader method in the JNDI component. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...

MGASA-2014-0049 Updated icedtea-web packages fix CVE-2013-6493

Updated icedtea-web packages fix security vulnerability: LiveConnect provides a gateway between the JavaScript engine in the web browser and Java applets. An insecure temporary file use flaw was found in the LiveConnect implementation in the IcedTea-Web browser plug-in. A malicious, local user...

Yahoo!: Java Applet Execution On Y! Messenger

Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, but unfortunately this bug has already been reported to us. We appreciate your adherence to responsible disclosure guidelines and...