567 matches found
CVE-2007-2402
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets...
CVE-2007-2396
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets...
CVE-2007-2393
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution...
CVE-2007-2396
CVE-2007-2396 concerns the JDirect support in QuickTime for Java within Apple QuickTime prior to version 7.2. The vulnerability arises because JDirect exposes dangerous interfaces that can be abused by remote attackers via crafted Java applets to achieve arbitrary code execution. Some sources exp...
CVE-2007-2389
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...
Code injection
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets...
GLSA-200705-20 : Blackdown Java: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200705-20 Blackdown Java: Applet privilege escalation Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an...
SUSE-SA:2006:040: OpenOffice_org
The remote host is missing the patch for the advisory SUSE-SA:2006:040 OpenOffice_org. Following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon...
security flaw
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute...
Fedora Core 5 : openoffice.org-2.0.2-5.16.2 (2006-770)
CVE-2006-2198 macro security - CVE-2006-2199 java applets - CVE-2006-3117 corrupt file format more details at http://www.openoffice.org/security/bulletin-20060629.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
CVE-2006-6745
CVE-2006-6745 describes serialization-related flaws in Sun JDK/JRE 5.0 Update 7 and earlier, and Java SDK/JRE 1.4.2_12 and earlier 1.4.x, that could allow an untrusted Java applet or application to gain privileges. The connected advisories confirm these issues affect multiple IBM Java runtimes as...
CVE-2006-6731
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute...
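Mozilla Firefox/SeaMonkey/Thunderbird multiple security vulnerabilities
Mozilla Firefox/SeaMonkey/Thunderbird is a suite of web browser and mail client software developed by Mozilla. Mozilla Firefox/SeaMonkey/Thunderbird contain multiple security issues that remote attackers can exploit to obtain sensitive information, execute arbitrary code, escalate privileges, and so on. Specifically: - When the CSS cursor property is used to set the cursor to certain images, incorrect size handling while converting the image to a Windows bitmap can cause a heap overflow. - Using JavaScript watch can lead to privilege escalation. - The bridge code allows Java applets and JavaScript to communicate; reuse of already-freed objects can crash the application. ...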
Mozilla Foundation Security Advisory 2006-71
Mozilla Foundation Security Advisory 2006-71 Title: LiveConnect crash finalizing JS objects Impact: Critical Announced: December 19, 2006 Reporter: Steven Michaud Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.1 Firefox 1.5.0.9 Thunderbird 1.5.0.9 SeaMonkey 1.0.7 Description...
GLSA-200607-12 : OpenOffice.org: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200607-12 OpenOffice.org: Multiple vulnerabilities Internal security audits by OpenOffice.org have discovered three security vulnerabilities related to Java applets, macros and the XML file format parser. Specially crafted Java...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Internal security audits by OpenOffice.org have discovered three security vulnerabiliti...
OpenOffice.org may fail to properly contain certain Java applets
Overview The OpenOffice.org team has reported a vulnerability in how the 1.1 and 2.0 versions of OpenOffice.org handle certain Java applets. Description OpenOffice.org is an office suite that is available for multiple operating systems, including Windows, Linux, Apple Mac OS X, and BSD. It includ...
Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2006:118)
OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. CVE-2006-2198 An unspecified vulnerability in Java Applets in...
security flaw
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x aka StarOffice up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...