USN-1263-1: IcedTea-Web, OpenJDK 6 vulnerabilities

Deepak Bhole discovered a flaw in the Same Origin Policy SOP implementation in the IcedTea web browser plugin. This could allow a remote attacker to open connections to certain hosts that should not be permitted. CVE-2011-3377 Juliano Rizzo and Thai Duong discovered that the block-wise AES...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)

The installed version of the VBScript Scripting Engine allows an attacker to specify a Help file location when displaying a dialog box on a web page. If a user can be tricked into pressing the F1 key while such a dialog box is being displayed, an attacker can leverage this to cause the Windows He...

Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)

This host is missing a critical security update according to Microsoft Bulletin MS09-045. OpenVAS Vulnerability Test $Id: secpodms09-045.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft JScript Scripting Engine Remote Code Execution Vulnerability 971961 Authors: Nikita MR Added JScript 5.7 on...

Remote code execution

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruptio...

CVE-2009-1920

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruptio...

CVE-2009-1920

The CVE-2009-1920 vulnerability is a remote code execution flaw in the JScript scripting engine (JScript.dll) used by Internet Explorer. It arises from the engine’s handling of decoded scripts loaded into memory, where memory corruption can occur and allow arbitrary code execution when a user vis...

JScript Scripting Engine Web Pages Decoding Code Execution (MS09-045; CVE-2009-1920)

JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. The vulnerability is due to a memory...

MS09-045: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)

The remote host is running a version of Windows that contains a flaw in its JScript scripting engine. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious JScript and enticing a victim to visit a web site or view a specially crafted email message. C...

banner NSE Script

A simple banner grabber which connects to an open TCP port and prints out anything sent by the listening service within five seconds. The banner will be truncated to fit into a single line, but an extra line may be printed for every increase in the level of verbosity requested on the command line...

CVE-2006-0830

The scripting engine in Internet Explorer allows remote attackers to cause a denial of service resource consumption and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetti...

CVE-2006-0830

The scripting engine in Internet Explorer allows remote attackers to cause a denial of service resource consumption and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetti...

CVE-2006-0830

CVE-2006-0830 affects the Internet Explorer scripting engine. A web page triggering a recurrent infinite loop in Javascript or VBScript can consume stack space, potentially causing a denial of service and, per the description, may allow arbitrary code execution by resetting the loop’s location va...

DEBIAN-CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

CVE-2005-0508

Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."...

CVE-2005-0508

CVE-2005-0508 affects Batik’s Squiggle component prior to Batik 1.5.1. The vulnerability allows bypassing certain access controls via features of the Rhino JavaScript engine due to a script security issue. Root cause is tied to Rhino scripting security in Squiggle. Affected software is Batik (Squ...

[SA14336] Batik Squiggle Browser Unspecified Security Bypass

TITLE: Batik Squiggle Browser Unspecified Security Bypass SECUNIA ADVISORY ID: SA14336 VERIFY ADVISORY: http://secunia.com/advisories/14336/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Batik 1.x http://secunia.com/product/4685/ DESCRIPTION: A vulnerability h...