8680 matches found
RedHat Security Advisory RHSA-2009:0015
The remote host is missing updates announced in advisory RHSA-2009:0015. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software...
JRE allows unauthorized memory read access via a crafted ZIP file
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
OpenJDK Truetype Font processing vulnerability (6751322)
Integer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which...
JavaWebStart allows unauthorized network connections
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...
OpenJDK Buffer overflow in image processing (6726779)
Buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2...
Visuplay CMS SQL Injection
http://www.visuplay.com Visuplay is a web dev company that offers a CMS that goes with its websites that helps it be managed after all, that Is what a cms does right? Anywho, you can add your own sql code to various query areas through out the CMS like newsarticle.php and contentpage.php. Here's ...
GForge GroupJoinRequest.class远程SQL注入漏洞
BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge是用于管理软件开发周期的工具。 GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create函数的输入,远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。 GForge GForge 4.6 GForge GForge 4.5 GForge ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CoolPlayer 2.19 - .Skin Local Buffer Overflow
CoolPlayer 2.19 - .Skin Local Buffer Overflow / CoolPlayer 2.19 Skin File Local Buffer Overflow Exploit Advisory: http://www.bmgsec.com.au/advisory/43/ Test box: WinXP Pro SP2 English Code reference is in skin.c, lines 464 - 480 Written and discovered by: r0ut3r writ3r at gmail.com /...
JVN#50327700 PHP vulnerable to cross-site scripting
PHP is an open source scripting language that is especially suited for Web development. PHP contains a cross-site scripting vulnerability as it does not properly handle errors. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
Multiple XSS Vulnerabilities in World Recipe 2.11
Armorize Technologies Security Advisory Armorize-ADV-2008-0001 Title: Multiple XSS Vulnerabilities in World Recipe 2.11 Date: 2008/12/15 Status: Full Class: Input Validation Error Bugtraq ID: N/A Category: Cross Site Scripting Language: ASP.NET C Description Armorize-ADV-2008-0001 discloses...
JRE allows unauthorized memory read access via a crafted ZIP file
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
Java WebStart allows hidden code privilege escalation
Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...
OpenJDK Denial-Of-Service in kerberos authentication (6588160)
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service OS resource consumption via...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
Java WebStart privilege escalation
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...
Java Web Start, untrusted application may determine Cache Location (6704074)
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to obtain sensitive information the cache location via an untrusted application, aka CR 6704074...
Apache Struts 2 devMode Information Disclosure
The remote web server is using Apache Struts 2, a web application framework for developing Java EE web applications. The version of Apache Struts 2 installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web...
PHP 5.2.6 - error_log Safe_mode Bypass
PHP 5.2.6 - errorlog Safemode Bypass SecurityReason.com PHP 5.2.6 errorlog safemode bypass Author: Maksymilian Arciemowicz cXIb8O3 securityreason.com Date: - - Written: 10.11.2008 - - Public: 20.11.2008 SecurityReason Research SecurityAlert Id: 57 CWE: CWE-264 SecurityRisk: Medium Affected...