21 matches found
Authentication Bypass Vulnerability in Weetop CMS Backend
Weetop CMS is a web content management system developed by Hangzhou Tintop Technology Co. An authentication bypass vulnerability exists in the Weetop CMS V2.0 administration backend in the login session check processing mechanism. An attacker can bypass the forced jump without login by disabling...
US-CERT Alert TA13-051A - Oracle Java Multiple Vulnerabilities
National Cyber Awareness System US-CERT Alert TA13-051A Oracle Java Multiple Vulnerabilities Original release date: February 20, 2013 Last revised: -- Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 13 and earlier JDK and...
It's Time to Abandon Java
As humans, we have a difficult time letting go of things. Whether it be a favorite pair of jeans, a beloved dog or an old friend who you know is just bringing you down, putting aside things we know well is hard to do. But sometimes things are just too broken to be useful any longer, and that’s th...
US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...
Microsoft Internet Explorer CButton use-after-free vulnerability
Overview Microsoft Internet Explorer contains a use-after-free vulnerability in the CButton object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a use-after-free vulnerability in the mshtml...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting it in the wild and installing a version of the Poison Ivy RAT on...
Fedora 16 : kdepim-4.8.4-4.fc16 (2012-10411)
kmail security patch to disable java, JavaScript, browser plugins in html mail by default. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution
Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...
Mozilla Foundation Security Advisory 2008-28
Mozilla Foundation Security Advisory 2008-28 Title: Arbitrary socket connections with Java LiveConnect on Mac OS X Impact: High Announced: July 1, 2008 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 3.0 Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Security researcher...
Apple QuickTime for Java may allow Java applets to gain elevated privileges
Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...
Apple QuickTime for Java security bypass vulnerability
Overview Apple QuickTime for Java fails to properly restrict the instantiation and manipulation of Java objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTim...
Mozilla LiveConnect vulnerable to crash finalizing JS objects
Overview A vulnerability exists in the Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...
Sun Microsystems Java GIF image processing buffer overflow
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Sun Java JRE vulnerable to privilege escalation
Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...
Sun Java JRE vulnerable to arbitrary code execution via an unspecified error
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...
Sun Java Reflection API security bypass vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
Sun Java Management Extensions privilege escalation vulnerability
Overview A vulnerability in the Sun Java Management Extensions API may allow a remote attacker to execute arbitrary code. Description According to Sun Microsystems: Java Management Extensions (JMX) technology provides the tools for building distributed, Web-based, modular and dynamic solutions for...
Sun Java Runtime Environment applet privilege escalation vulnerability
Overview The Sun Java Runtime Environment (JRE) may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...
Microsoft Virtual Machine allows untrusted applets to access the user.dir system property
Overview Some versions of the Microsoft virtual machine (Microsoft VM) contain a flaw that could leak information about the user's system. This flaw could allow malicious Java applets to get information they would normally be denied access to. Description The Microsoft virtual machine (Microsoft VM)...
Microsoft Virtual Machine incorrectly parses the domain portion of URLs containing a colon
Overview Some versions of the Microsoft virtual machine (Microsoft VM) contain a flaw that could allow untrusted Java applets from an attacker's site to be run instead of the trusted applet from the intended site. Description The Microsoft virtual machine (Microsoft VM) enables Java programs to run o...