1118 matches found
Java Web Start vulnerable to execution of unauthorized system classes
Overview: Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes. Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing...
javaws vulnerabilities
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/classadmin.php and (2) classes/classcomments.php. NOTE: the provenance of this information is unknown; the details are...
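PCRE character class buffer overflow vulnerability
BUGTRAQ ID: 27786 CVECAN ID: CVE-2008-0674 The PCRE (Perl Compatible Regular Expressions) library is open-source software that provides regular expression support. PCRE has a buffer overflow vulnerability when processing character classes: if a user sends an overly long UTF-8 character class containing codepoints greater than 255, the overflow may be triggered, leading to execution of arbitrary instructions. PCRE 7.6 Debian ------ Debian has released a security advisory (DSA-1499-1) and corresponding patches for this issue: DSA-1499-1:New pcre3 packages fix arbitrary code execution...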
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow
Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background: Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls. Problem: A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tmincludepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) statustopx.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE:...
openldap slapd DoS via objectClasses attribute
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent...
DEBIAN-CVE-2007-1660
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) encopyrite.php, (2) vicopyrite.php, and (3) arcopyrite.php in language/ directories; (4) classaccess.php, (5) classdepartment.php, (6)...
CVE-2007-4918
CVE-2007-4918 describes a SQL injection in Gelato's web app: classes/gelato.class.php is vulnerable to arbitrary SQL via the post parameter to index.php. Affected: Gelato (web application). Root cause: unsafely constructed SQL from user input (no sufficient input validation/sanitization). Impact: r...
Microsoft Foundation Classes FindFile buffer overflow
Buffer overflow on oversized first argument...
javaws vulnerabilities
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
javaws vulnerabilities
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5)...
LimeSurvey (PHPSurveyor) 1.49RC2 Remote File Inclusion Vulnerability
No description provided by source. Owner : Pr0T3cT10n Email : [email protected] Homepage : www.kamikaz-team.com Script site : www.limesurvey.org Script name : LimeSurvey PHPSurveyor Version : 1.49RC2 Type : RFIRemote File Include Source :...
GLSA-200706-08 : emul-linux-x86-java: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200706-08 emul-linux-x86-java: Multiple vulnerabilities Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability...
Sun JRE / JDK multiple security vulnerabilities
Buffer and integer overflows in JPG and BMP processing, sandbox protection bypass with system classes...
Sun JDK/JRE: Multiple vulnerabilities
Background: The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform. Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security...
CVE-2007-2465
Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the auditsavepath function...
Design/Logic Flaw
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...