
386 matches found

Tenable Nessus
added 2011/04/29 12:0 a.m., 24 views

Mozilla Firefox 3.6.x < 3.6.17 Multiple Vulnerabilities

Binary data 801238.prm...

10 CVSS, 7.3 AI score, 0.83259 EPSS
Exploits 20, References 23

The Hacker News
added 2011/04/24 6:17 a.m., 11 views

The Social-Engineer Toolkit v1.3.5 Released !

The Social-Engineer Toolkit v1.3.5 Released ! "The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to...

7.6 AI score
Exploits 0

OpenVAS
added 2011/03/15 12:0 a.m., 7 views

Mandriva Update for firefox MDVA-2011:008 (firefox)

Check for the Version of firefox OpenVAS Vulnerability Test Mandriva Update for firefox MDVA-2011:008 firefox Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

0.5 AI score
Exploits 0, References 2

Tenable Nessus
added 2011/03/09 12:0 a.m., 63 views

Mac OS X : Java for Mac OS X 10.6 Update 4

The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 4. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the...

10 CVSS, 6.2 AI score, 0.39874 EPSS
Exploits 2, References 18

Tenable Nessus
added 2011/03/09 12:0 a.m., 252 views

Mac OS X : Java for Mac OS X 10.5 Update 9

The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 9. As such, it is affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the privileges of the current user outside the...

10 CVSS, 6.2 AI score, 0.39874 EPSS
Exploits 2, References 18

Tenable Nessus
added 2011/03/08 12:0 a.m., 19 views

MDVA-2011:008 : firefox

This is a bugfix release that upgrades firefox to the latest version 3.6.15 due to issues where some Java applets would fail to load. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:...

7 AI score
Exploits 0, References 1

securityvulns
added 2010/10/24 12:0 a.m., 45 views

Java Multiple Issues

Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released a Java 6 update 22 which fixes several security issues. In particular the issues are the following, sorted by impact: Information Disclosur...

0.1 AI score
Exploits 0

securityvulns
added 2010/10/24 12:0 a.m., 62 views

Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass

Oracle JRE - java.net.URLConnection class – Same-of-Origin SOP Policy Bypass PDF: http://www.security-assessment.com/files/advisories/OracleJREjavaneturlconnectionSOPBypass.pdf CVE...

0.5 AI score
Exploits 0

0day.today
added 2010/10/21 12:0 a.m., 22 views

Oracle JRE - java.net.URLConnection class Same-of-Origin Policy Bypass

Exploit for windows platform in category remote exploits. Oracle JRE - java.net.URLConnection class Same-of-Origin Policy Bypass. Description...

7.1 AI score
Exploits 0

exploitpack
added 2010/10/20 12:0 a.m., 26 views

Oracle JRE - java.net.URLConnection class Same-of-Origin SOP Policy Bypass

Oracle JRE - java.net.URLConnection class Same-of-Origin SOP Policy Bypass Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when...

Exploits 0

Exploit DB
added 2010/10/20 12:0 a.m., 46 views

Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass

Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that resolve to the same IP address. Thi...

7.4 AI score
Exploits 0

Exploit DB
added 2010/09/20 12:0 a.m., 58 views

Sun Java - Calendar Deserialization (Metasploit)

$Id: javacalendardeserialize.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10 CVSS, 7.8 AI score, 0.89535 EPSS
Exploits 19

securityvulns
added 2010/08/05 12:0 a.m., 34 views

Akamai Download Manager arbitrary file download & execution

Akamai Download Manager arbitrary file download & execution - Yorick Koster, April 2009...

7.6 AI score
Exploits 0

Packet Storm
added 2010/08/03 12:0 a.m., 40 views

Akamai Download Manager Arbitrary Download / Execution

Akamai Download Manager arbitrary file download & execution - Yorick Koster, April 2009...

7.4 AI score
Exploits 0

seebug.org
added 2010/05/20 12:0 a.m., 28 views

Mac OS X Java mediaLibImage Object Handling Remote Code Execution Vulnerability

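BUGTRAQ ID: 40238 CVE ID: CVE-2010-0538 Mac OS X is the operating system used by Apple's family of machines. Mac OS X has an out-of-bounds memory access vulnerability when handling mediaLibImage objects; a user who is tricked into visiting a malicious web page containing an untrusted Java applet may trigger a denial of service or arbitrary code execution. Apple Mac OS X 10.6 Apple Mac OS X 10.5 Apple MacOS X Server 10.6 Apple MacOS X Server 10.5 Vendor patch: Apple. The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...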

6.8 CVSS, 6.4 AI score, 0.02799 EPSS
Exploits 1

VulnCheck KEV
added 2010/05/01 12:0 a.m., 0 views

VulnCheck KEV: CVE-2003-0111

The ByteCode Verifier component of Microsoft Virtual Machine VM build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka "Flaw in Microsoft VM Could Enable System Compromise....

7.5 CVSS, 6.1 AI score, 0.39318 EPSS
Exploits 0, References 1

Prion
added 2010/03/30 6:30 p.m., 14 views

Design/Logic Flaw

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet...

5 CVSS, 7 AI score, 0.00209 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2010/03/30 6:0 p.m., 23 views

CVE-2010-0523

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet...

8.9 AI score, 0.00209 EPSS
Exploits 0, References 2

OpenVAS
added 2009/08/20 12:0 a.m., 31 views

Sun Java SE Unspecified Vulnerability In JDK/JRE/SDK (Aug 2009)

Sun Java JDK/JRE/SDK is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS, 7.6 AI score, 0.17795 EPSS
Exploits 1, References 4

Ubuntu
added 2009/08/11 5:45 a.m., 82 views

USN-814-1: OpenJDK vulnerabilities

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. CVE-2009-0217 It was discovered that JAR bundles would appear signed if only one element w...

10 CVSS, 6.9 AI score, 0.17795 EPSS
Exploits 4