386 matches found

securityvulns
added 2011/10/16 12:0 a.m., 57 views

SEC Consult SA-20111012-0 :: Client-side remote file upload & command execution in Microsoft Forefront UAG Remote Access Agent (CVE-2011-1969)

SEC Consult Vulnerability Lab Security Advisory 20111012-0 ======================================================================= title: Client-side remote file upload & command execution product: Microsoft Forefront Unified Access Gateway Remote Access Agent signed Java applet vulnerable versio...

9.3 CVSS, 0.1 AI score, 0.12912 EPSS
Exploits 4
NVD
added 2011/10/12 2:52 a.m., 10 views

CVE-2011-1969

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...

9.3 CVSS, 7.8 AI score, 0.12912 EPSS
Exploits 4, References 3
Prion
added 2011/10/12 2:52 a.m., 12 views

Remote code execution

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...

9.3 CVSS, 8.5 AI score, 0.12912 EPSS
Exploits 4, References 3, Affected Software 1
Cvelist
added 2011/10/12 1:0 a.m., 13 views

CVE-2011-1969

Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution...

7.8 AI score, 0.12912 EPSS
Exploits 4, References 3
Check Point Advisories
added 2011/10/11 12:0 a.m., 1 view

Microsoft Forefront UAG Poisoned Cup of Code Execution (MS11-079; CVE-2011-1969)

The vulnerability is due to a vulnerable Java applet that is installed on a browser by the Forefront Unified Access Gateway (UAG) server. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page using a Java-enabled Web-browser. Successful exploitation...

9.3 CVSS, 6.3 AI score, 0.12912 EPSS
Exploits 4
NVD
added 2011/10/05 2:56 a.m., 16 views

CVE-2011-1827

Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet...

9.3 CVSS, 7.7 AI score, 0.02624 EPSS
Exploits 1, References 4
Prion
added 2011/10/05 2:56 a.m., 17 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet...

9.3 CVSS, 8.3 AI score, 0.02624 EPSS
Exploits 1, References 4, Affected Software 3
CVE
added 2011/10/05 1:0 a.m., 113 views

CVE-2011-1827

CVE-2011-1827 : Multiple vulnerabilities in Check Point components (SSL Network Extender/SNX, SecureWorkSpace, Endpoint Security On-Demand) allow remote code execution via a signed ActiveX control or Java applet. Exploitation, as described by SEC Consult, involves loading a malicious page or docu...

9.3 CVSS, 7.9 AI score, 0.02624 EPSS
Exploits 1, References 4, Affected Software 3
Cvelist
added 2011/10/05 1:0 a.m., 18 views

CVE-2011-1827

Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet...

7.6 AI score, 0.02624 EPSS
Exploits 1, References 4
The Hacker News
added 2011/09/29 5:25 p.m., 9 views

Firefox Java update ready to stop BEAST attacks

Firefox Java update ready to stop BEAST attacks Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...

6.8 AI score
Exploits 0
OpenVAS
added 2011/08/26 12:0 a.m., 32 views

Java for Mac OS X 10.5 Update 10

This host is missing an important security update according to Mac OS X 10.5 Update 10. OpenVAS Vulnerability Test $Id: secpodmacosxjava105upd10.nasl 7024 2017-08-30 11:51:43Z teissa $ Java for Mac OS X 10.5 Update 10 Authors: Sooraj KS Copyright: Copyright (c) 2011 SecPod, http://www.secpod.com Th...

10 CVSS, 0.9 AI score, 0.14991 EPSS
Exploits 0, References 2
securityvulns
added 2011/08/17 12:0 a.m., 54 views

SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827

SEC Consult Vulnerability Lab Security Advisory 20110810-0 ======================================================================= title: Client-side remote file upload & command execution product: Check Point SSL VPN On-Demand applications signed Java applet and ActiveX control SSL Network...

9.3 CVSS, 0.02624 EPSS
Exploits 1
Exploit DB
added 2011/08/16 12:0 a.m., 47 views

Mozilla Firefox 3.6.16 (Windows 7) - mChannel Object Use-After-Free

Mozilla mChannel Object use after free - Found by regenrecht - MSF exploit by Rh0 - Win 7 fun version by mrme function trigger alert'ready?'; fakeobject = document.getElementById"d"; // allocate the object fakeobject.QueryInterfaceComponents.interfaces.nsIChannelEventSink; // append to the object...

7.4 AI score
Exploits 0
Prion
added 2011/07/21 11:55 p.m., 11 views

Design/Logic Flaw

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts...

5.8 CVSS, 6.7 AI score, 0.00125 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2011/07/21 11:0 p.m., 49 views

CVE-2011-0219

CVE-2011-0219 affects Apple Safari prior to 5.0.6, where a Java applet loading fonts can bypass the Same Origin Policy and alter the rendering of text from arbitrary websites. The issue is described in the Apple advisory as part of Safari’s vulnerabilities fixed by Safari 5.0.6 and in later 5.1 u...

5.8 CVSS, 7.8 AI score, 0.00125 EPSS
Exploits 0, References 2, Affected Software 2
OpenVAS
added 2011/07/05 12:0 a.m., 23 views

Opera Browser Multiple Vulnerabilities Jul-11 (Windows)

The host is installed with Opera browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnwin02jul11.nasl 7006 2017-08-25 11:51:20Z teissa $ Opera Browser Multiple Vulnerabilities July-11 (Windows) Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbone...

5 CVSS, 0.5 AI score, 0.00734 EPSS
Exploits 0, References 1
Tenable Nessus
added 2011/07/05 12:0 a.m., 23 views

Opera < 11.10 Multiple Vulnerabilities

Binary data 5988.prm...

5 CVSS, 7.7 AI score, 0.00734 EPSS
Exploits 0, References 8
Tenable Nessus
added 2011/07/05 12:0 a.m., 36 views

Opera < 11.10 Multiple Vulnerabilities

The version of Opera installed on the remote Windows host is earlier than 11.10 and thus is potentially affected by the following vulnerabilities : - An unspecified vulnerability allows remote attackers to hijack searches and customizations using unspecified third-party applications. CVE-2011-263...

5 CVSS, 5.8 AI score, 0.00734 EPSS
Exploits 0, References 8
OpenVAS
added 2011/07/05 12:0 a.m., 28 views

Opera Browser Multiple Vulnerabilities (Jul 2011) - Windows

Opera browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5 CVSS, 7.5 AI score, 0.00734 EPSS
Exploits 0, References 1
Prion
added 2011/07/01 10:55 a.m., 14 views

Hardcoded credentials

Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via an HTML document that has an empty parameter value for an embedded Java applet...

5 CVSS, 6.9 AI score, 0.00734 EPSS
Exploits 0, References 4, Affected Software 1