Lucene search

1215 matches found

NVD
added 2009/11/05 4:30 p.m., 20 views

CVE-2009-3866

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...

CVSS 9.3, AI score 7.3, EPSS 0.05655
Exploits: 1, References: 19

Cvelist
added 2009/11/05 4:0 p.m., 28 views

CVE-2009-3866

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...

AI score 7.2, EPSS 0.05655
Exploits: 1, References: 19

Tenable Nessus
added 2009/11/05 12:0 a.m., 33 views

SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1497)

The IBM Java 6 JRE/SDK was updated to Service Release 6, fixing various bugs and security issues. The following security issues were fixed : - A security vulnerability in the JNLPAppletLauncher might impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher might be...

CVSS 10, AI score 6.9, EPSS 0.52563
Exploits: 5, References: 21

Zero Day Initiative
added 2009/11/04 12:0 a.m., 38 views

Sun Java Web Start Arbitrary Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java WebStart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the implementation...

CVSS 9.3, AI score 4.9, EPSS 0.05655
Exploits: 1, References: 1

Tenable Nessus
added 2009/11/04 12:0 a.m., 109 views

Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)

The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.224 / 1.3.127. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when ...

CVSS 9.3, AI score 6.2, EPSS 0.89141
Exploits: 24, References: 27

myhack58
added 2009/10/26 12:0 a.m., 12 views

webshell mention the weight point directory summary-vulnerability warning-the black bar safety net

C:\Documents and Settings\All Users\Start Menu\Programs\ --'look here, can jump, and we from here can get a lot of useful information such as Serv-U path. C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\ --‘see if you can jump to this directory, if the line that is the...

Exploits: 0

Tenable Nessus
added 2009/10/06 12:0 a.m., 34 views

openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6396)

The Sun Java JRE/JDK 5 was updated to Update 20 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted apple...

CVSS 10, AI score 5.9, EPSS 0.17795
Exploits: 2, References: 7

Tenable Nessus
added 2009/10/06 12:0 a.m., 34 views

openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-6395)

The Sun Java JRE/JDK 6 was updated to Update 15 fixing various security issues. CVE-2009-2670: The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted apple...

CVSS 10, AI score 5.9, EPSS 0.17795
Exploits: 2, References: 7

Tenable Nessus
added 2009/09/24 12:0 a.m., 42 views

SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1058)

IBM Java 6 SR 5 was released fixing various bugs and critical security issues : - A vulnerability in the Java Runtime Environment (JRE) with initializing LDAP connections may be exploited by a remote client to cause a denial-of-service condition on the LDAP service. (CVE-2009-1093) - A vulnerability ...

CVSS 10, AI score 6.1, EPSS 0.15579
Exploits: 0, References: 30

Tenable Nessus
added 2009/09/24 12:0 a.m., 38 views

SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12313)

IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the...

CVSS 10, AI score 5.8, EPSS 0.23658
Exploits: 1, References: 8

Tenable Nessus
added 2009/09/24 12:0 a.m., 41 views

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 5846)

IBM Java 1.4.2 SR12 fixes the following security problems : - Security vulnerabilities in the Java Runtime Environment may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the...

CVSS 10, AI score 5.8, EPSS 0.23658
Exploits: 1, References: 8

Tenable Nessus
added 2009/09/24 12:0 a.m., 42 views

SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12387)

This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various security issues : - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running t...

CVSS 10, AI score 8.1, EPSS 0.89535
Exploits: 23, References: 34

Tenable Nessus
added 2009/09/24 12:0 a.m., 37 views

SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 736)

This update brings the IBM Java 6 JDK and JRE to Service Release 4. It fixes lots of bugs and various security issues : - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the...

CVSS 10, AI score 7.9, EPSS 0.26242
Exploits: 1, References: 15

ATTACKERKB
added 2009/09/09 10:30 p.m., 2 views

CVE-2009-2205

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...

CVSS 6.8, AI score 6.4, EPSS 0.00837
Exploits: 0, References: 4

RedHat Linux
added 2009/08/28 8:57 a.m., 1 views

OpenJDK Proxy mechanism information leaks (6801071)

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions...

CVSS 7.5, AI score 6.2, EPSS 0.17519
Exploits: 0, References: 4

RedHat Linux
added 2009/08/28 8:57 a.m., 1 views

OpenJDK Proxy mechanism information leaks (6801071)

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors...

CVSS 5, AI score 6.2, EPSS 0.11181
Exploits: 0, References: 4

RedHat Linux
added 2009/08/28 8:57 a.m., 2 views

OpenJDK Untrusted applet System properties access (6738524)

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensiti...

CVSS 5, AI score 6.1, EPSS 0.03648
Exploits: 1, References: 4

Tenable Nessus
added 2009/08/24 12:0 a.m., 48 views

RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2008:0906)

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release...

CVSS 10, AI score 8.1, EPSS 0.23658
Exploits: 1, References: 18

Tenable Nessus
added 2009/08/24 12:0 a.m., 37 views

RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...

CVSS 9.3, AI score 8.7, EPSS 0.37381
Exploits: 2, References: 31

Tenable Nessus
added 2009/08/24 12:0 a.m., 43 views

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)

Multiple Java OpenJDK security vulnerabilities have been identified and fixed : The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof...

CVSS 10, AI score 7, EPSS 0.14277
Exploits: 3, References: 12