CVE-2009-1107

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

Design/Logic Flaw

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

CVE-2009-1105

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

CVE-2009-1104

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.219 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted...

CVE-2009-1107

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

CVE-2009-1103

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

CVE-2009-1106

CVE-2009-1106 affects Java Plug-in in JDK/JRE 6 Update 12, 11, and 10. The crossdomain.xml parser can be bypassed, allowing a remote attacker to connect to arbitrary sites and bypass access restrictions. Documented impact includes partial integrity and partial availability, with no confidentialit...

CVE-2009-1106

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948...

CVE-2009-1105

CVE-2009-1105 affects the Java Plug-in in JDK/JRE 6 Update 12, 11, and 10. The issue allows a user‑assisted remote attacker to cause a trusted applet to execute in an older JRE version, enabling exploitation of vulnerabilities present in that older runtime. The description from SUSE corroborates ...

CVE-2009-1104

The CVE-2009-1104 issue affects the Java Plug-in in JDK/JRE, specifically versions 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier. The root cause is that the Java Plug-in does not prevent Javascript loaded from localhost from connecting to other ports on the system v...

CVE-2009-1104

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.219 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted...

Java WebStart privilege escalation

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...

Java Web Start exposes username and the pathname of the JWS cache

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...

Use Md5Crack crack Serv-U password-vulnerability warning-the black bar safety net

Look at ServU password encryption storage method First randomly generate a 2-bit charactersfrom a-z lowercase characters. Then the user's original password with this 2-bit random character merge to become the new password character. Such as: the user's original password is a,The randomly generate...

Mac OS X : Java for Mac OS X 10.4 Release 8

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 8. The remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted Java...

Mac OS X : Java for Mac OS X 10.5 Update 3

The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 3. The remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted...

[SECURITY] Fedora 10 Update: gedit-2.24.3-3.fc10

gEdit is a small but powerful text editor designed specifically for the GNOME GUI desktop. gEdit includes a plug-in API which supports extensibility while keeping the core binary small, support for editing multiple documents using notebook tabs, and standard text editor functions. You'll need to...

RedHat Security Advisory RHSA-2009:0205

The remote host is missing updates to Dovecot announced in advisory RHSA-2009:0205. A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. CVE-2008-4577 A password disclosu...

Low: Red Hat Security Advisory: dovecot security and bug fix update

An updated dovecot package that corrects two security flaws and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily writte...

Look at ServU password encryption and storage method-vulnerability warning-the black bar safety net

Look at ServU password encryption storage method First randomly generate a 2-bit charactersfrom a-z lowercase characters. Then the user's original password with this 2-bit random character merge to become the new password character. Such as: the user's original password is a,The randomly generate...