RHEL 5 : rhn-java-sat in Satellite Server (RHSA-2013:1513)

An updated rhn-java-sat package that fixes a security issue is now available for Red Hat Network Satellite 5.2. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

JDK: java.lang.ClassLoder defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

Java Applet ProviderSkeleton Insecure Invoke Method

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false EXPLOITSTRING =...

Java Applet Driver Manager Privileged toString() Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Java Applet JMX Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Java Applet - JAX-WS Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Shop treasure self-help built Station system command execution-vulnerability warning-the black bar safety net

Brief description: struct command execution, root permissions, the database can be connected, the number of users large Detailed description: http://login.ctoshop.com/shopsystemF/checkLogin.action Vulnerability proof: The website physical path: /home/webserver/shopsystemF java. home:...

BlackHole Exploit Kit 2.0 released with more latest Exploits

According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security...

Mac OS X : Java for Mac OS X 10.6 Update 6 (BEAST)

The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 6, which updates the Java version to 1.6.029. It is, therefore, affected by multiple security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with...

Oracle Java APPLET Tag Memory Corruption

Source: http://skypher.com/index.php/2010/10/13/issue-18-oracle-java-applet-childre/ o=document.createElement"applet"; setTimeoutfunction x=o.children; location.reload; , 1; Tested with: Windows XP sp3 5.1.2600 MSIE 7.0.5730.13 MSIE 8.0.6001.18702 Sun Java Version 6 Update 20 1.6.020-b02...

Oracle Java APPLET Tag Children Property Memory Corruption

Exploit for windows platform in category dos / poc ========================================================== Oracle Java APPLET Tag Children Property Memory Corruption ========================================================== Source:...

Oracle Java - APPLET Tag Children Property Memory Corruption

Oracle Java - APPLET Tag Children Property Memory Corruption Source: http://skypher.com/index.php/2010/10/13/issue-18-oracle-java-applet-childre/ o=document.createElement"applet"; setTimeoutfunction x=o.children; location.reload; , 1; Tested with: Windows XP sp3 5.1.2600 MSIE 7.0.5730.13 MSIE...

Crlf injection

CRLF injection vulnerability in load.php in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the...

SAP BusinessObjects 'HappyAxis2.jsp' Information Disclosure

The SAP BusinessObjects installation on the remote web server is leaking information via '/BusinessProcessBI/axis2-web/HappyAxis.jsp'. This page contains debugging information such as local file paths, operating system version, and Java version. A remote attacker could use this information to mou...

Business Objects Infoview - cms Cross-Site Scripting

Business Objects Infoview - cms Cross-Site Scripting source: https://www.securityfocus.com/bid/28762/info Business Objects is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input via the Infoview web portal. An attacker may leverage...

DOINGSOFT-2008-03-10-001.txt

Identification : DOINGSOFT-2008-03-10-001 CVE-ID : pending Discovery date : 14/12/2007 Correcting Date : 03/04/2008 How to get the patch : http://support.businessobjects.com/downloads/criticalhotfixes/default.asp choose "FixPack 3.5" Publishing date : 14/04/2008 Product : Business Object Infoview...

Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit

No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...