CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...

CVE-2020-17521

CVE-2020-17521 affects Apache Groovy extension methods that handle temporary directory creation. The root cause is a race condition in Groovy’s implementation, which previously called a now-superseded Java JDK method; this could allow a local attacker to obtain sensitive information. Affected ver...

CVE-2020-17521

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the...

BetterBackdoor - A Backdoor With A Multitude Of Features

A backdoor is a tool used to gain remote access to a machine. Typically, backdoor utilities such as NetCat have 2 main functions: to pipe remote input into cmd or bash and output the response. This is useful, but it is also limited. BetterBackdoor overcomes these limitations by including the...

Arbitrary Code Execution

ibm java jdk is vulnerable to arbitrary code execution. Out-of-bounds access in the String.getBytes method allows an attacker to write arbitrary data to any 32-bit address or beyond the end of byte array within Java code run under a SecurityManager, resulting in code execution...

Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in IBM® Java SE distribution that are fixed in the October release. IBM i2 Enterprise Insight Analysis 2.1.8 and 2.2.0 are impacted by these Java Vulnerabilities. This security bulletin explains the issue and how to remediate it. In summary download the...

Important: Red Hat Security Advisory: java-1.6.0-sun security update

An update for java-1.6.0-sun is now available for Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Security Bulletin: Vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-0138)

Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM SDK Java Technology Edition, Version 6 and IBM SDK Java Technology Edition, Version 7 that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. Vulnerability Details CVEID...

KLA10887 Multiple vulnerabilities in Oracle Java SE

An unspecified vulnerabilities were found in Oracle Java SE. By exploiting this vulnerability malicious users can cause denial of service, affect integrity or obtain sensitive information. This vulnerability can be exploited remotely. Technical details These vulnerabilities are related to 2D, AWT...

SOL91245485 - RSA-CRT key leak vulnerability CVE-2015-5738

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Burpkit - Next-Gen Burpsuite Penetration Testing Tool

Welcome to the next generation of web application penetration testing - using WebKit to own the web. BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. It also provides a bi-directional JavaScript bridge API which allows...

KeyBox - A web-based SSH console that centrally manages administrative access to systems

KeyBox is a web-based SSH console that centrally manages administrative access to systems. Web-based administration is combined with management and distribution of user's public SSH keys. Key management and administration is based on profiles assigned to defined users. Administrators can login...

Sun Java JDK 1.x - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24004/info Sun JDK is prone to a multiple vulnerabilities. An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, whic...

OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Unix)

The version of Oracle formerly Sun Java Runtime Environment JRE 7.x installed on the remote host is earlier than Update 17. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component : - An integer overflow error exists relate...

Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)

The version of Sun Java Runtime Environment JRE 6.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the JRE could allow unauthorized access to certain URL resources or cause a denial of service condition while processing XML data. In order to successful...

Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution

Binary data 6711.prm...

VUPEN Security Research - Oracle Java ICC Profile &quot;pseq&quot; Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "pseq" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

VUPEN Security Research - Oracle Java ICC Profile &quot;scrn&quot; Tag Integer Overflow Code Execution Vulnerability

VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...

Oracle Java SE Multiple Vulnerabilities (Windows)

This host is installed with Oracle Java JDK/JRE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavasemultvulnoct10win.nasl 11742 2010-10-25 15:43:20Z oct$ Oracle Java SE Multiple Vulnerabilities Windows Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...