392 matches found
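Check Point SSL VPN On-Demand Applications Remote Code Execution Vulnerability
Bugtraq ID: 47695 CVE ID: CVE-2011-1827 SNX, SecureWorkSpace and Endpoint Security On-Demand are clients that can be downloaded from Connectra or security gateways to provide on-demand remote connectivity. They can be deployed in the browser using the Check Point Deployment Agent Java applet or ActiveX control. When the SSL Network Extender (SNX), SecureWorkSpace and Endpoint Security On-Demand applications are deployed through a browser, they are vulnerable to attack by malicious websites, resulting in execution of arbitrary malicious code on the end user's machine...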
Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)
Chris Evans of the Chrome Security Team reported that the XSLT generate-id function returned a string that revealed a specific valid address of an object on the memory heap. It is possible that in some cases this address would be valuable information that could be used by an attacker while...
Debian DSA-2228-1 : iceweasel - several vulnerabilities
Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox : - CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 'Scoobidiver', Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren,...
Mozilla untrusted events can trigger autocomplete popup (MFSA 2011-14)
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls...
Mozilla Firefox < 3.5.19 Multiple Vulnerabilities
Binary data 5900.prm...
Mozilla Firefox < 3.5.19 Multiple Vulnerabilities
Binary data 801247.prm...
Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities
Binary data 801238.prm...
The Social-Engineer Toolkit v1.3.5 Released !
"The Social Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to...
Mandriva Update for firefox MDVA-2011:008 (firefox)
Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVA-2011:008 firefox Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
Mac OS X : Java for Mac OS X 10.6 Update 4
The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 4. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the...
Mac OS X : Java for Mac OS X 10.5 Update 9
The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the...
MDVA-2011:008 : firefox
This is a bugfix release that upgrades firefox to the latest version 3.6.15 due to issues where some Java applets would fail to load. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:...
Java Multiple Issues
Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released a Java 6 update 22 which fixes several security issues. In particular the issues are the following, sorted by impact: Information Disclosur...
Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
Oracle JRE - java.net.URLConnection class – Same-of-Origin SOP Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...
Oracle JRE - java.net.URLConnection class Same-of-Origin Policy Bypass
Exploit for windows platform in category remote exploits. Oracle JRE - java.net.URLConnection class Same-of-Origin Policy Bypass. Description...
Oracle JRE - java.net.URLConnection class Same-of-Origin SOP Policy Bypass
Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when...
Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass
Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. Thi...
Sun Java - Calendar Deserialization (Metasploit)
$Id: javacalendardeserialize.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Akamai Download Manager arbitrary file download & execution
Akamai Download Manager arbitrary file download & execution. Yorick Koster, April 2009...
Akamai Download Manager Arbitrary Download / Execution
Akamai Download Manager arbitrary file download & execution. Yorick Koster, April 2009...