39 matches found
EUVD-2013-1921
Malware in sbrugna...
SUSE CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
Arbitrary Code Execution
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. It was discovered that the IcedTea-Web...
IBM Marketing Operations Arbitrary File Upload Vulnerability
IBM Marketing Operations formerly known as IBM Unica Marketing Operations is a suite of marketing management software from the American company IBM. The software supports streamlining of production processes, tracking of budgets and expenditures, and improved teamwork. IBM Marketing Operations...
CVE-2014-8887
IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors...
Design/Logic Flaw
IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors...
CVE-2014-8887
IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors...
CVE-2014-8887
CVE-2014-8887 affects IBM Marketing Operations 7.x/8.x (before 8.5.0.7.2), 8.6.x (before 8.6.0.8), 9.0.x (before 9.0.0.4.1), 9.1.0.x (before 9.1.0.5), and 9.1.1.x (before 9.1.1.2). A remote authenticated attacker can upload arbitrary GIFAR files and modify data via unspecified vectors. The root c...
openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0715-1)
update to 1.3.2 bnc815596 - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is...
openSUSE Security Update : icedtea-web (openSUSE-SU-2013:0897-1)
update to 1.3.2 bnc815596 - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin is...
SuSE 11.3 Security Update : icedtea-web (SAT Patch Number 7981)
This update to IcedTea-Web 1.4 provides the following fixes and enhancements : - Security updates - RH916774: Class-loader incorrectly shared for applets with same relative-path. CVE-2013-1926 - RH884705: fixed gifar vulnerability. CVE-2013-1927 - RH840592: Potential read from an uninitialized...
Oracle Linux 6 : icedtea-web (ELSA-2013-0753)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0753 advisory. - Updated to latest upstream release of 1.2 branch - 1.2.3 - Security Updates - CVE-2013-1927, RH884705 - fixed gifar vulnerability - CVE-2013-1926,...
CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
Code injection
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
CVE-2013-1927
The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."...
CVE-2013-1927
CVE-2013-1927 affects the IcedTea-Web plugin. Vulnerable 1.2.3 and 1.3.x prior to 1.3.2 validate a file as both GIF and Java JAR (GIFAR), enabling remote code execution when processing crafted files. Mitigation: upgrade to icedtea-web 1.3.2 (or later). Exploitation status not detailed in the prov...
SuSE 11.2 Security Update : icedtea-web (SAT Patch Number 7642)
This update to version 1.3.2 fixes several security updates and common fixes. bnc815596 Security Updates - fixed gifar vulnerability. CVE-2013-1927 - Class-loader incorrectly shared for applets with same relative-path. Common. CVE-2013-1926 - Added new option in itw-settings which allows users to...
Fedora 19 : icedtea-web-1.3.2-0.fc19 (2013-5877)
New in release 1.3.2 2013-04-17 : - Security Updates - CVE-2013-1927, RH884705: fixed gifar vulnerability - CVE-2013-1926, RH916774: Class-loader incorrectly shared for applets with same relative-path. - Common - Added new option in itw-settings which allows users to set JVM arguments when plugin...