4327 matches found
Sun and Blackdown Java: Applet privilege escalation
Background: Sun and Blackdown both provide implementations of the Java Development Kit (JDK) and Java Runtime Environment (JRE). Description: Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime Environment's Reflection APIs that may allow untrusted applets to elevate privileges. Impact...
Sun Java Runtime Environment applet privilege escalation vulnerability
Overview: The Sun Java Runtime Environment (JRE) may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description: The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...
CVE-2005-3583
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss...
CVE-2004-2540
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.205 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data...
CVE-2005-3583
The CVE-2005-3583 entry concerns Oracle/Sun Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_08, 1.4.2_09, and 1.5.0_05 (and possibly others) that allow remote attackers to cause a denial of service by sending a crafted serialized object (e.g., a font object), whic...
Oracle OraClient Component Insecure Installation Issue
Secunia Advisory: SA16577 Release Date: 2005-09-06 Critical: Less critical Impact: System access Where: From remote Solution Status: Unpatched Software: Oracle Database Server 10g Description: Harr...
CVE-2001-1480
Affected software: Sun JRE/JDK 1.2–1.3.0_04. Vulnerable component: clipboard access logic in untrusted applets. Root cause/impact: enables untrusted applets to access the system clipboard, potentially exposing or altering clipboard data. Affected products explicitly listed as SUN JRE/JDK versions...
CVE-2001-1480
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard...
Sun Java JRE / Web Start Java Plug-in Untrusted Applet Privilege Escalation
The remote host is using a vulnerable version of Sun Java Runtime Plug-in, a web browser add-on used to display Java applets. It has been reported that the JRE Plug-in Security can be bypassed. A remote attacker could exploit this by tricking a user into viewing a maliciously crafted web page...
CVE-2003-1123
Sun Java Runtime Environment (JRE) and SDK 1.4.001 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model...
CVE-2004-1503
The CVE-2004-1503 entry concerns the Java Runtime Environment (JRE) InitialDirContext vulnerability. Affected software are JRE versions 1.4.2, 1.5.0 (and possibly others). The issue arises in the InitialDirContext where an integer overflow allows a large sequence of DNS requests to cause the xid ...
CVE-2004-1503
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and becom...
HP-UX PHSS_22678 : HP-UX ContinentalClusters, Remote Unauthorized Access (HPSBUX00133 SSRT071376 rev.2)
s700800 11.X Continental Clusters A.02.00 : ContinentalClusters includes the Java Runtime Environment JRE which is affected by the security issue described in Hewlett-Packard Company Security Bulletin 0132, 30 Nov. '00, ITRC Technical Knowledge base Document ID HPSBUX0011-132. %NASLMINLEVEL 70300...
Sun Java JRE Plug-in Capability Arbitrary Package Access
The remote host is using a vulnerable version of Sun Java Runtime Plug-in, a web browser addon used to display Java applets. Two security issues have been reported in the remote version of this product : - An untrusted applet may escalate its privileges in order to read, write or execute files on...
CVE-2004-1029
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.201, 1.4.204, and possibly earlier versions, does not properly restrict access between JavaScript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using th...
DOS against Java JNDI/DNS
iKu Advisory. Product: Java Runtime Environment. Date: November 8th 2004. Affected versions: 1.4.2, 1.5.0, probably more. Vulnerability Type: remote denial of service. Severity (1-10): 3. Remote: yes. 0. contents 1. problem description 2. symptoms 3. bug...
CVE-2004-0651
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.203 allows remote attackers to cause a denial of service (virtual machine hang)...