Lucene search
+L

1438 matches found

NVD
NVD
added 2001/09/27 4:0 a.m.18 views

CVE-2001-1254

Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing...

7.5CVSS6.4AI score0.01975EPSS
Exploits0References2
securityvulns
securityvulns
added 2001/08/25 12:0 a.m.39 views

Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.

During work I've found out that the combination of the Java Plugin 1.4 with the JRE 1.3 doesn't handle certificates properly. An applet signed with an outdated certificate shouldn't be able to get access to the filesystem on the client machine. However this happens when using the named combinatio...

0.1AI score
Exploits0
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.34 views

CVE-2001-0137

Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerabili...

6.9AI score0.22168EPSS
Exploits1References4
exploitpack
exploitpack
added 2001/02/06 12:0 a.m.9 views

Microsoft Windows 982000 - UDP Socket Denial of Service

Microsoft Windows 982000 - UDP Socket Denial of Service source: https://www.securityfocus.com/bid/2340/info Microsoft Windows 2000 and 98 are subject to a denial of service condition. Receiving a maliciously crafted email or visiting a malicious web site could prevent Windows 2000 from DNS...

7.3AI score
Exploits0
CVE
CVE
added 2001/02/02 5:0 a.m.59 views

CVE-2001-0068

The CVE-2001-0068 entry concerns Mac OS Runtime for Java (MRJ) 2.2.3. The connected NVD entry states that remote attackers could exploit malicious applets to read files outside the CODEBASE context by abusing the ARCHIVE applet parameter. The vulnerability description does not provide exploit cod...

2.6CVSS7.1AI score0.01529EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2001/01/22 5:0 a.m.53 views

CVE-2000-1061

CVE-2000-1061 involves the Microsoft Virtual Machine (VM) in Internet Explorer 4.x–5.x, where an unsigned applet can create and use ActiveX controls. This enables a remote attacker to bypass IE security settings and execute arbitrary commands via a malicious web page or email. The underlying issu...

5.1CVSS7.8AI score0.10458EPSS
Exploits0References2Affected Software1
CERT
CERT
added 2000/10/31 12:0 a.m.41 views

Netscape Java Security Manager fails to prevent URLConnections through netscape.net.URLConnection Class

Overview Netscape Communicator and Navigator ship with Java classes that allow an unsigned Java applet to access local and remote resources in violation of the security policies for applets. Description Failures in the netscape.net package permit a Java applet to read files from the local file...

5CVSS5.9AI score0.20485EPSS
Exploits1References5
securityvulns
securityvulns
added 2000/10/26 12:0 a.m.121 views

Security Bulletin (MS00-081)

Microsoft Security Bulletin MS00-081 - -------------------------------------- Patch Available for New Variant of "VM File Reading" Vulnerability Originally posted: October 25, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the Microsoftr virtual...

0.2AI score
Exploits0
NVD
NVD
added 2000/10/20 4:0 a.m.20 views

CVE-2000-0711

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice...

7.5CVSS6.6AI score0.33514EPSS
Exploits1References4
NVD
NVD
added 2000/10/20 4:0 a.m.19 views

CVE-2000-0676

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice...

5CVSS6.7AI score0.20485EPSS
Exploits1References10
exploitpack
exploitpack
added 2000/10/18 12:0 a.m.17 views

Microsoft Virtual Machine - Arbitrary Java Codebase Execution

Microsoft Virtual Machine - Arbitrary Java Codebase Execution source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2000/10/18 12:0 a.m.22 views

Microsoft Virtual Machine - Arbitrary Java Codebase Execution

source: https://www.securityfocus.com/bid/1812/info An attacker may gain read access on remote systems by specifying a custom codebase in a Java applet, and delivering to the victims via HTML email or a website. Any arbitrary codebase can be referenced by a java applet that was loaded by an tag i...

7.4AI score
Exploits0
CVE
CVE
added 2000/10/13 4:0 a.m.58 views

CVE-2000-0711

Vulnerability summary (CVE-2000-0711) : Netscape Communicator fails to prevent a ServerSocket object from being created by untrusted entities, enabling a remote attacker to start a server on the victim’s system via a malicious applet (as demonstrated by Brown Orifice). The underlying issue is a f...

7.5CVSS7AI score0.33514EPSS
Exploits1References4Affected Software2
CVE
CVE
added 2000/10/13 4:0 a.m.43 views

CVE-2000-0676

CVE-2000-0676 affects Netscape Communicator/Navigator 4.04–4.74. An unsigned Java applet could read local files (e.g., file://) and connect to remote resources via file/http/https/ftp URLs, enabling data exfiltration via Brown Orifice. Root cause is an implementation error in the JRE bundled with...

5CVSS6.7AI score0.20485EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.29 views

CVE-2000-0676

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice...

6.7AI score0.20485EPSS
Exploits1References10
Cvelist
Cvelist
added 2000/10/13 4:0 a.m.24 views

CVE-2000-0711

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice...

6.6AI score0.33514EPSS
Exploits1References4
securityvulns
securityvulns
added 2000/08/18 12:0 a.m.46 views

JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)

On Sat, 12 Aug 2000 05:33:29 +0900 "TAKAGI, Hiromitsu" [email protected] wrote: This can be verified by trying the following refined proof of concept Applet. http://java-house.etl.go.jp/takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html I have confirmed that Mac O...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2000/08/03 12:0 a.m.26 views

Sun JDK 1.1.x Sun JRE 1.1.x - Listening Socket

Sun JDK 1.1.x Sun JRE 1.1.x - Listening Socket source: https://www.securityfocus.com/bid/1545/info A set of flaws in multiple vendors' Java implementation allows a malicious applet to open a listening socket to accept network connections against the security policy. Java applications use the...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2000/06/02 4:0 a.m.26 views

CVE-1999-0142

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts...

6.8AI score0.01547EPSS
Exploits0References1
Cvelist
Cvelist
added 2000/04/26 4:0 a.m.24 views

CVE-2000-0266

Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL...

6.6AI score0.16225EPSS
Exploits0References2
Rows per page
Query Builder