1214 matches found
Java Applet Driver Manager Privileged toString() Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...
Sun Java Web Start Double Quote Injection
Java Web Start Double Quote Inject Remote Code Execution. Date: Jun 12 2012; updated: Jun 6 2013; Author: Rh0; Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07; Tested on:...
Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)
Sun Java Web Start is a component of the Java 2 Runtime Environment (JRE). It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...
[SECURITY] Fedora 19 Update: icedtea-web-1.3.2-0.fc19
The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations...
SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption
SEC Consult Vulnerability Lab Security Advisory 20130417-1. title: Java ActiveX Control Memory Corruption; product: Java(TM) Web Start Launcher; vulnerable version: Sun Java Version 7 Update 17 and before, Sun Java Version 6 Update...
Fedora Update for icedtea-web FEDORA-2013-5925
Check for the Version of icedtea-web. OpenVAS Vulnerability Test: Fedora Update for icedtea-web FEDORA-2013-5925. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
CentOS Update for icedtea-web CESA-2013:0753 centos6
Check for the Version of icedtea-web. OpenVAS Vulnerability Test: CentOS Update for icedtea-web CESA-2013:0753 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Fedora Update for icedtea-web FEDORA-2013-5962
Check for the Version of icedtea-web. OpenVAS Vulnerability Test: Fedora Update for icedtea-web FEDORA-2013-5962. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Java Web Start Launcher ActiveX Control - Memory Corruption
Java Web Start Launcher ActiveX Control - Memory Corruption. SEC Consult Vulnerability Lab Security Advisory. title: Java ActiveX Control Memory Corruption; product: Java(TM) Web Start Launcher; vulnerable version: Sun Java Version...
RHEL 6 : icedtea-web (RHSA-2013:0753)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0753 advisory. The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It...
CentOS 6 : icedtea-web (CESA-2013:0753)
Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
icedtea security update
CentOS Errata and Security Advisory CESA-2013:0753. Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Java Web Start Launcher Memory Corruption
SEC Consult Vulnerability Lab Security Advisory. title: Java ActiveX Control Memory Corruption; product: Java(TM) Web Start Launcher; vulnerable version: Sun Java Version 7 Update 17 and before, Sun Java Version 6 Update 43 and...
Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
Binary data 6717.prm...
Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
Binary data 801018.prm...
CVE-2013-0967
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site...
Design/Logic Flaw
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site...
Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Windows)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 7.x installed on the remote host is earlier than Update 17. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Windows)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 43. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution (Windows)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 5.x installed on the remote host is earlier than Update 41. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...