CVE-2005-0418
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836...
CVE-2005-1150
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service hang...
CVE-2005-0836
CVE-2005-0836 describes an argument injection in Sun Java Web Start/J2SE (Java Web Start for J2SE 1.4.2 up to 1.4.2_06) where the value parameter in a JNLP file’s property tag can be exploited to grant privileges to untrusted applications. This can bypass Java security restrictions and may lead t...
CVE-2005-0836
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file...
Java Web Start argument injection vulnerability
OVERVIEW ======== Java Web Start is a technology for easy client-side deployment of Java applications. "Using Java Web Start technology, standalone Java software applications can be deployed with a single click over the network" from Sun Microsystems's website. Java Web Start is installed with Ja...
Pegasi022.txt
Donato Ferrante Application: Pegasi Web Server PWS http://pws.sourceforge.net Version: 0.2.2 Bugs: Multiple Vulnerabilities Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato 1. Description 2...
directory traversal in PWebServer 0.3.3
Donato Ferrante Application: PWebServer http://sourceforge.net/projects/pwebserver/ Version: 0.3.3 Bug: directory traversal bug Author: Donato Ferrante e-mail: [email protected] web: www.autistici.org/fdonato 1. Descripti...
PT-2003-2174 · Oracle · Sdk +4
Name of the Vulnerable Software and Affected Versions: Java Secure Socket Extension (JSSE) in SDK and JRE versions 1.4.0 through 1.4.0_01; JSSE versions prior to 1.0.3; Java Plug-in SDK and JRE versions 1.3.0 through 1.4.1; Java Web Start versions 1.0 through 1.2. Description: The X509TrustManager in t...
Incorrect Certificate Validation in Java Secure Socket Extension
According to SUN it has been reported that: "the Java Secure Socket Extension JSSE may incorrectly validate the digital certificate of a web site. This may result in untrustworthy web sites being authenticated for SSL transactions. The Java Plug-in and Java Web Start may incorrectly validate the...
CVE-2002-2005
Unknown vulnerability in Java Web Start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors...
Blazix 1.2 - Special Character Handling Server Side Script Information Disclosure
source: https://www.securityfocus.com/bid/5566/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server ma...
Unauthorized access via Java Web Start
It's possible to pass <property name="NAME" value="VALUE"/> with names different from jnlp. and javaws., which allows an application to leave the sandbox...
Security Bulletin #00217
Courtesy of Sun Microsystems. -----BEGIN PGP SIGNED MESSAGE----- Sun Microsystems, Inc. Security Bulletin Bulletin Number: 00217 Date: March 18, 2002 Cross-Ref: Title: JavaTM Web Start The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind...
CVE-2001-0186
Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack...
CVE-2001-0186
The CVE-2001-0186 issue affects Free Java Web Server 1.0 and is a path traversal vulnerability. The root cause is improper handling of directory traversal sequences (".."), enabling remote attackers to read arbitrary files. Documented impact is access to files via crafted requests; no explicit fi...
Vulnerability in Free Java Web Server
Vulnerability in Free Java Web Server Overview Free Java Web Server v1.0 is a Java web server available from http://www.download.com. A vulnerability exists which allows a remote user to break out of the web root using relative paths ie: '..', '...'. Details http://localhost/../file outside web...
CVE-2000-0812
The administration module in Sun Java Web Server allows remote attackers to execute arbitrary commands by uploading Java code to the module and then invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag...