OpenJDK GIF processing buffer overflow vulnerability (6804998)

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

OpenJDK LDAP client remote code execution (6737315)

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier allows remote LDAP servers to execute arbitrary code via unknown vector...

OpenJDK Privilege escalation in command line applications (6733959)

Stack-based buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with...

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

OpenJDK RSA public key length denial-of-service (6497740)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...

Major software makers fail security transparency test

From SDTimes David Worthington A majority of the industry’s leading software makers surveyed by SD Times lack transparency about the internal principles that they use for writing secure software. Analysts believe that those companies are either practicing security by obscurity, do not adequately...

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

Design/Logic Flaw

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit JDK before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

Belkin Bulldog Plus - HTTP Server Remote Buffer Overflow

Belkin Bulldog Plus - HTTP Server Remote Buffer Overflow !/usr/bin/python | || | / \ | | | | | | | | | - | | | / / | | |||| || // / |\ || Usage : belkin.py victimeip Bug : Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit Credits go to : Elazar Broad Tested on : Xp sp3 ENVB Exploited...

Belkin Bulldog Plus - HTTP Server Remote Buffer Overflow

!/usr/bin/python | || | / \ | | | | | | | | | - | | | / / | | |||| || // / |\ || Usage : belkin.py victimeip Bug : Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit Credits go to : Elazar Broad Tested on : Xp sp3 ENVB Exploited by : His0k4 Greetings : All friends & muslims HaCkErs...

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

OpenJDK Privilege escalation in command line applications (6733959)

Stack-based buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with...

Mandriva Linux Security Advisory : rsh (MDVSA-2008:191)

A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server CVE-2004-0175. This issue was originally...

Mandriva Linux Security Advisory : pam (MDVSA-2009:077)

A security vulnerability has been identified and fixed in pam : Integer signedness error in the pamStrTok function in libpam/pammisc.c in Linux-PAM aka pam 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and mig...

U.S. Should Play Larger Role in Securing Internet, Hathaway Says

In her much anticipated talk, acting senior director for cyberspace by President Obama, Melissa Hathaway generally reviewed what we already knew, and what has been previously reported when it comes to federal cyber security: The White House should coordinate IT security efforts; private sector...

RedHat Security Advisory RHSA-2009:0377

The remote host is missing updates announced in advisory RHSA-2009:0377. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment JRE contains the software and tools that users need to run applications written using the...

RedHat Security Advisory RHSA-2009:0377

The remote host is missing updates announced in advisory RHSA-2009:0377. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment JRE contains the software and tools that users need to run applications written using the...

Steamcast Buffer Overflow

!/usr/bin/python Usage : steamcast.py victimeip Bug : SteamcastHTTP Request Remote Buffer Overflow Exploit SEH 2 Founder : Luigi Auriemma, thx to overflow3r for informing me about the vuln. Tested on : Xp sp2 fr Exploited by : His0k4 Greetings : All friends & muslims HaCkErs...

PHP cURL safe_mode和open_basedir绕过安全限制漏洞

BUGTRAQ ID: 34475 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP支持libcurl库，用户可以使用各种类型的协议连接到不同类型的服务器。curl函数在检查safemode和openbasedir限制时存在漏洞，可能允许用户绕过安全限制执行非授权操作。例如对于以下代码： curlsetopt$ch, CURLOPTURL, "file:file:////etc/passwd"; curl首先对以下内容检查safemode和openbasedir： "file:////etc/passwd" 接下来读取：...

OpenJDK Pack200 Buffer overflow vulnerability (6792554)

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...