Security feature bypass

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x aka StarOffice up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...

EUVD-2006-2200

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x aka StarOffice up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents...

CVE-2006-2199

OpenOffice.org Java sandbox escape (CVE-2006-2199) affects OpenOffice/StarOffice releases up to 2.0.x before 2.0.3 and 1.1.x up to 1.1.5. A user-invoked Java applet in a document could break sandbox restrictions and run arbitrary code with the caller’s privileges. Connected advisories show distri...

Java applets stack overflow

Recursive array definition leads to stack overflow...

CVE-2005-3907

Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets...

Specially crafted Java applets can crash Opera – Opera Security Advisories

Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of aJavaScript object...

Specially crafted Java applets can crash Opera

Java code using LiveConnect methods to remove a property of aJavaScript object may in some cases use null pointers that canmake Opera crash. This crash is not exploitable and such code israre on the web...

CVE-2004-2281

Technical details about CVE-2004-2281 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

CVE-2004-2281

Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by 1 KSPR5YS6GR and 2 KSPR62F4D3...

Konqueror fails to restrict access to Java classes

Overview The Konqueror web browser may allow Java applets and JavaScripts to bypass the Java security settings and access restricted Java classes. Exploitation may allow a remote attacker to read and write arbitrary files on a vulnerable system. Description Konqueror is a web browser and file...

CVE-2004-2280

Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service crash via unknown vectors related to Java applets, as identified by KSPR62F4KN...

CVE-2004-2281

Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by 1 KSPR5YS6GR and 2 KSPR62F4D3...

Sun Java Applet 1.x - Invocation Version Specification

source: https://www.securityfocus.com/bid/11757/info Java provides support for dynamic and static versioning when loading applets in the Java plug-in. This means that during the invocation of an applet, a user can request that a particular version of a plug-in be used to run the applet. The featu...

iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability

Sun Java Plugin Arbitrary Package Access Vulnerability iDEFENSE Security Advisory 11.22.04 www.idefense.com/application/poi/display?id=158&type=vulnerabilities November 22, 2004 I. BACKGROUND Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition JRE,...

Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation

Sun Java Plugin 1.4.2 01 - Cross-Site Applet Sandbox Security Model Violation source: https://www.securityfocus.com/bid/8857/info A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and...

Microsoft Security Bulletin MS03-011:Flaw in Microsoft VM Could Enable System Compromise (816093)

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------- Title: Flaw in Microsoft VM Could Enable System Compromise 816093 Date: 09 April 2003 Software: Microsoft VM Impact: Allow attacker to execute code of his or her choice Max Risk: Critical...

CoffeeCup Software Password Wizard 4.0 - HTML Source Password Retrieval

// source: https://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password protect pages. Specifically, t...

Microsoft Virtual Machine allows untrusted applets to access the user.dir system property

Overview Some versions of the Microsoft virtual machine Microsoft VM contain a flaw that could leak information about the user's system. This flaw could allow malicious Java applets to get information they would normally be denied access to. Description The Microsoft virtual machine Microsoft VM...

Microsoft Virtual Machine allows applets write access to the Standard Security Manager

Overview A flaw in the Microsoft virtual machine Microsoft VM could allow malicious Java applets to block other, legitimate applets from running, resulting in a denial-of-service condition. Description The Microsoft virtual machine Microsoft VM enables Java programs to run on Windows platforms. T...

Vulnerabilities in Microsoft's Java implementation

OVERVIEW ======== Microsoft Internet Explorer comes with Java virtual machine and accompanying class packages. Multiple security vulnerabilities have been found in the Java environment. Some of these allow an attacker to deliver and run arbitrary code on the Internet Explorer or Outlook user's...