1215 matches found
javaws vulnerabilities
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
A buffer overflow vulnerability in Java Web Start URL parsing code
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...
javaws vulnerabilities
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...
A buffer overflow vulnerability in Java Web Start URL parsing code
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...
jnlp-overflow.txt
'----------------------------------------------------------------------------------------------- ' Java Web Start Buffer Overflow POC Exploit ' ' FileName: JavaWebStartPOC.VBS ' Contact: ZhenHan.Liuph4nt0m.org ' Date: 2007-07-10 ' Team: http://www.ph4nt0m.org ' Enviroment: Tested on JRE 1.6,...
CVE-2007-3655
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...
CVE-2007-3655
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...
CVE-2007-3655
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file...
CVE-2007-3655
CVE-2007-3655 is a stack-based buffer overflow in javaws.exe (Sun Java Web Start) within JRE 5.0 Update 11 and earlier and 6.0 Update 1 and earlier. An attacker could remotely exploit a long codebase attribute in a JNLP file to execute arbitrary code. Red Hat advisories indicate this CVE was addr...
Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow
Sun Java Runtime Environment 1.6 - Web Start .JNLP File Stack Buffer Overflow source: https://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it...
High Risk Flaw in Sun's Java Web Start
John Heasman of NGSSoftware has discovered a high risk vulnerability in Sun Microsystem's Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects the following version of Java Web Start: Java Web Start in JDK and JRE 5.0 Update 11 and earlier Java Web Start ...
Sun Java Web Start任意文件覆盖权限提升漏洞
BUGTRAQ ID: 24695 Java Web Start是用于简化在客户端部署Java应用程序的技术。 Java Web Start在处理应用程序的访问权限时存在漏洞,攻击者可能利用此漏洞提升自己的权限。 Java Web Start中的安全漏洞允许不可信任的应用程序给予其本身覆盖任何运行应用程序用户可写文件的权限,包括用户的.java.policy文件,这允许应用程序调用applet或Java Web Start应用程序,以运行不可信任应用程序的权限执行任意指令。 Sun JDK = 5.0 Update 11 Sun JRE = 5.0 Update 11 Sun JRE...
Java Web Start directory traversal
Directory traversal allows to bypass sandbox environment...
Directory traversal
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
CVE-2007-3504
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite...
Stack overflow
Multiple stack-based buffer overflows in the SOCKS proxy support sockd in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation...
CVE-2007-2881
Sun Java System Web Proxy Server (sockd) is affected by a buffer overflow in the SOCKS proxy support during protocol negotiation. The issue resides in the sockd daemon and can allow a remote attacker to execute arbitrary code with the privileges of the SOCKS server; impact is described as remote ...
CVE-2007-2435
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.213 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to...