QuickTime < 7.4.5 Multiple Vulnerabilities

Binary data 4458.prm...

hacking the mitsubishi GB-50A

Hi All, Well, it's been over 4 months since my plea for a security contact at Mitsubishi Electric to come forward. Since no one has, I thought I'd release a POC for hacking one. It's not exactly hard, the web controller uses a nasty set of Java applets to interact with itself. The shocking thing ...

Cross site scripting

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting XSS attacks...

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting XSS attacks...

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting XSS attacks...

CVE-2008-1007

The connected Seebug entry confirms CVE-2008-1007 affects Apple Safari/WebKit: WebCore in Safari

Moderate: Red Hat Security Advisory: java-1.5.0-bea security update

Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.014 JRE and SDK conta...

Anti-DNS Pinning and Java Applets with HTTP proxy

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound...

Apple QuickTime for Java may allow Java applets to gain elevated privileges

Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...

Code injection

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors...

CVE-2007-3751

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors...

CVE-2007-3751

Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors...

openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)

Following security problems were found in OpenOfficeorg : - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access...

Anti-DNS Pinning and Java Applets with HTTP proxy

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound...

Anti-DNS Pinning and Java Applets with Opera and Firefox

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...

Code injection

WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page...

CVE-2007-2408

The CVE-2007-2408 issue affects WebKit/Safari: WebKit in Apple Safari 3 Beta (before Update 3.0.3) does not properly honor an unchecked Enable Java setting, allowing remote attackers to execute Java applets via a crafted page. Vulnerability lies in how the Java preference is processed, enabling p...

Code injection

QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets...

CVE-2007-2402

QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information screen content via crafted Java applets...

Code injection

The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets...