1464 matches found
CVE-2008-5340
CVE-2008-5340 concerns an unspecified vulnerability in Java Web Start (JWS) and Java Plug-in affecting Sun JDK/JRE lines: Java SE 6 Update 10 and earlier; Java SE 5.0 Update 16 and earlier; and SDK/JRE 1.4.2_18 and earlier. The untrusted JWS applications can gain privileges to access local files ...
CVE-2008-5344
The CVE-2008-5344 entry describes an unspecified vulnerability in Sun Java Web Start (JWS) and Java Plug-in affecting Sun JDK/JRE 6u10 and earlier, JDK/JRE 5.0u16 and earlier, and SDK/JRE 1.4.2_18 and earlier. The issue allows untrusted applets to read arbitrary files and make unauthorized networ...
CVE-2008-5339
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...
CVE-2008-5342
Unspecified vulnerability in the BasicService for Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted downloaded applications to cause local files to be displayed in the brows...
CVE-2008-5340
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...
CVE-2008-5343
Vulnerability GIFAR (CVE-2008-5343) affects Java Web Start (JWS) and Java Plug-in in Sun JDK/JRE 6u10 and earlier, JDK/JRE 5.0u16 and earlier, and SDK/JRE 1.4.2_18 and earlier. A crafted file that validates as both GIF and Java JAR can allow remote attackers to make unauthorized network connectio...
Code injection
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the 1 java.home, 2 java.ext.dirs, or 3 user.home System...
CVE-2008-2086
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the 1 java.home, 2 java.ext.dirs, or 3 user.home System...
CVE-2008-2086
CVE-2008-2086 affects Sun Java Web Start and Java Plug-in used by JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier. It arises from a crafted jnlp file that modifies the java.home, java.ext.dirs, or user.home System Properties, enabling remote attack...
CVE-2008-2086
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the 1 java.home, 2 java.ext.dirs, or 3 user.home System...
JavaWebStart allows unauthorized network connections
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...
Java WebStart privilege escalation
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...
Java WebStart unprivileged local file and network access
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors...
Moderate: Red Hat Security Advisory: vim security update
Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Vim Visual editor IMproved is an updated and improved version of the vi editor. Several input...
CVE-2008-4216
The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."...
Safari < 3.2 Multiple Vulnerabilities
Binary data 4754.prm...
Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow
Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
Gentoo Security Advisory GLSA 200411-38 (Java)
The remote host is missing updates announced in advisory GLSA 200411-38. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
IBM WebSphere Application Server 6.1 < Fix Pack 19 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 19 appears to be running on the remote host. As such, it is reportedly affected by multiple flaws : - An as-yet unspecified security exposure vulnerability exists when the 'FileServing' feature in the Servlet Engine / Web Container component is...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...