CVE-2009-1101

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allows remote attackers to cause a denial of service probably resource consumption for a JAX-WS service endpoint via a connection without...

CVE-2009-1105

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

CVE-2009-1095

CVE-2009-1095 : Integer overflow in unpack200 within Java SE/JRE up to JDK/JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier. This vulnerability enables a remote attacker to gain access to files or execute arbitrary code by delivering a crafted Pack200 header inside a JAR. The provided d...

CVE-2009-1097

Technical details for CVE-2009-1097 are not publicly provided in the supplied documents. The initial entry mentions buffer overflows in JDK/JRE 6 Update 12 and earlier but no concrete remediation or impact details are given here. Monitor for updates.

CVE-2009-1107

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

CVE-2009-1098

CVE-2009-1098 is a buffer overflow in Oracle Java SE/JRE components that can allow remote code execution via a crafted GIF image. Affected are JDK/JRE 5.0 Update 17 and earlier, 6 Update 12 and earlier, 1.4.2_19 and earlier, and 1.3.1_24 and earlier. The vulnerability enables an attacker to acces...

Java WebStart privilege escalation

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM® 1.6.0 Java™ release...

CVE-2009-1094

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier allows remote LDAP servers to execute arbitrary code via unknown vector...

CVE-2009-1100

Multiple unspecified vulnerabilities in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service disk consumption via vectors related to temporary font files and 1 "limits on Font...

CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

CVE-2009-1095

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

CVE-2009-1098

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

IBM-Sun deal could alter identity management landscape

The rumored acquisition of Sun Microsystems by IBM could have far-reaching consequences for the identity-management market. Both companies have long histories in the IAM market, but have taken different paths over the years, with Sun focusing on open-source development and IBM sticking with the...

phpinfo cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: php is a widely used programming language, can be nested in the html with a to do web app development. phpinfois used to display the current php environment is a function of many site and program will phpinfo on your own site or on a program, but phpinfo in the presence...

POP Peeper Date头处理栈溢出漏洞

BUGTRAQ ID: 34093 POP Peeper是运行在Windows任务栏中的邮件通知程序，当接收到新邮件时会给出提示。 POP Peeper在处理超长的Date头时存在栈溢出漏洞。如果用户受骗连接到了恶意的POP3服务器检索邮件的话，服务器可以同邮件消息返回292字节的超长Date头溢出栈上缓冲区，导致在用户系统上执行任意指令。 Mortal Universe Software Entertainment POP Peeper 3.4.0.0 厂商补丁： Mortal Universe Software Entertainment...

POP Peeper 3.4.0.0 Buffer Overflow Exploit

!/usr/bin/perl KL0309EXP-poppeeperdate-bof.pl 03.12.2009 Krakow Labs Development www.krakowlabs.com POP Peeper 3.4.0.0 Date Remote Buffer Overflow Exploit SEH overwrite exploitation, uses Imap.dll included with POP Peeper for universal exploitation more love for no /SafeSEH. Tested on Windows XP...

SOL9761 - PHP vulnerability - CVE-2008-5557

A heap-based buffer overflow in PHP 4.3.0 through 5.2.6 may allow attackers to execute arbitrary code. Information about this advisory is available at the following location: Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without o...

EO Video 1.36 - Playlist Overwrite (SEH)

!/usr/bin/python usage: exploit.py print "" print " EO Video v1.36 PlayList Seh Overwrite Exploit\n" print " Author: j0rgan" print " Seh Exploitation : His0k4" print " Tested on: Windows XP SP2 Fr\n" print " Greetings to: All friends & Muslims HacKerS DZ" print "" buff = "\x41" 1356 nextseh =...

Can we learn from Microsoft and Google on security?

Tech security company Fortify and security consulting firm Cigital are getting ready to release a set of best practices that tech companies and other businesses can follow to ensure that the software they develop is secure. The authors developed the model by studying the security practices at...