Java Statement.invoke() Trusted Method Chain Exploit

$Id: javatrustedchain.rb 10113 2010-08-23 18:49:35Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Java Statement.invoke() Trusted Method Chain Privilege Escalation

This module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23. This module requires Metasploit: https://metasploit.com/download Current source...

Sun Java Runtime Environment JPEGImageReader Heap Overflow

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

Sun Java Runtime Environment Pack200 Decompression Integer Overflow (CVE-2008-5352; CVE-2009-1095)

There exists an integer overflow vulnerability in Sun Java Runtime Environment software. The vulnerability is due to insufficient validation while decompressing Pack200 jar.pack.gz files. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted HTML file...

OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

OpenJDK Inflater/Deflater clone issues (6745393)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...

OpenJDK Inflater/Deflater clone issues (6745393)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

[security bulletin] HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02273751 Version: 1 HPSBMA02547 SSRT100179 rev.1 - HP Systems Insight Manager SIM for HP-UX, Linux, and Windows, Remote Execution of Arbitrary Code and Other Vulnerabilities NOTICE: The informati...

SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12623)

This update of IBM Java 1.5.0 to SR11 FP2 to fixes the following security issues : - Various unspecified and undocumented vulnerabilities that allows remote attackers to affect confidentiality, integrity and availability via various unknown vectors. CVE-2010-0084, CVE-2010-0085, CVE-2010-0087,...

Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)

There exists a buffer overflow vulnerability in Sun Java Runtime Environment JRE. The vulnerability is caused due to improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...

RHEL 5 : Red Hat Network Satellite Server IBM Java Runtime (RHSA-2010:0471)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0471 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Serve...

OpenJDK Inflater/Deflater clone issues (6745393)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...

OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093...

OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...

OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...