Java Statement.invoke() Trusted Method Chain Exploit

$Id: javatrustedchain.rb 10113 2010-08-23 18:49:35Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Java Statement.invoke() Trusted Method Chain Privilege Escalation

This module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23. This module requires Metasploit: https://metasploit.com/download Current source...

Sun Java Runtime Environment JPEGImageReader Heap Overflow

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

Sun Java Runtime Environment Pack200 Decompression Integer Overflow (CVE-2008-5352; CVE-2009-1095)

There exists an integer overflow vulnerability in Sun Java Runtime Environment software. The vulnerability is due to insufficient validation while decompressing Pack200 jar.pack.gz files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML file...

OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

OpenJDK Inflater/Deflater clone issues (6745393)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

OpenJDK Inflater/Deflater clone issues (6745393)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02273751 Version: 1 HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities NOTICE: The informati...

SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)

This update of IBM Java 1.5.0 to SR11 FP2 to fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allows remote attackers to affect confidentiality, integrity and availability via various unknown vectors. CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,...

Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)

There exists a buffer overflow vulnerability in Sun Java Runtime Environment JRE. The vulnerability is caused due to improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

CentOS 5 : java-1.6.0-openjdk (CESA-2010:0339)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK JRE AWT setBytePixels heap overflow (6872358)

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...

OpenJDK File TOCTOU deserialization vulnerability (6736390)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

Java Runtime Environment Soundbank Resource Name Stack Buffer Overflow

Added: 04/22/2010 CVE: CVE-2010-0839 BID: 39070 OSVDB: 63494 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The JRE Java programming class library contains the Java Sound Application Interface API t...