175 matches found
Oracle Java Web Start Launch Command-Line Injection (CVE-2010-0886; CVE-2010-0887; CVE-2010-1423)
The Oracle Java Web Start is a component of the Java 2 Runtime Environment JRE. It facilitates network deployment of applications developed with the Java programming language. This component enables stand-alone Java applications to be downloaded from a remote network location and run on a target...
Java: Java Web Start arbitrary command line injection
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)
HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...
JAVA Web Start Arbitrary command-line injection
Exploit for multiple platform in category remote exploits =============================================== JAVA Web Start Arbitrary command-line injection =============================================== Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java...
JAVA Web Start Arbitrary Command-Line Injection
Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...
JAVA Web Start - Arbitrary Command-Line Injection
Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...
Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Sun Java Web Start Plugin Command Line Argument Injection', 'Description' = %q This module exploits a flaw in the Web Start...
Skype URI Handler Input Validation
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Skype URI Handler Input Validation Versions affected: All versions prior to 4.2.0.1.55 v4.2 hotfix 1 +-----------+ |Description| +-----------+ The Windows Skype client implements tw...
Skype - URI Handler Input Validation
No description provided by source. Description The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin. Both handlers allow for easy browser integration and are supported by all modern browsers. When a Skype link is clicked, the Skype.exe process is spawned with the /URI:...
Information disclosure
ManageEngine PasswordManager Pro PMP allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are...
Java Web Start argument injection vulnerability
OVERVIEW ======== Java Web Start is a technology for easy client-side deployment of Java applications. "Using Java Web Start technology, standalone Java software applications can be deployed with a single click over the network" from Sun Microsystems's website. Java Web Start is installed with Ja...
Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection
Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an...
Microsoft Internet Explorer 6 - mms Protocol Handler Executable Command Line Injection
source: https://www.securityfocus.com/bid/10879/info A vulnerability has been reported to exist in Microsoft Internet Explorer that may allow remote attackers to pass arbitrary command line arguments to an application associated with the mms: URI protocol handler. Windows Media Player is the...
CVE-2003-0070
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containin...
DEBIAN-CVE-2003-0068
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...