31 matches found
EUVD-2000-0265
Malware in sbrugna...
EUVD-2000-0707
Malware in sbrugna...
Information Disclosure
IcedTea-Web plug-in is vulnerable to information disclosure. The application incorrectly uses the same class loader instance for applets with the same value of the codebase attribute even if they originated from different domains. An attacker is able to create a malicious applet to exploit the...
Sun JRE/SDK 1.x Untrusted Applet Java Security Model Violation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7824/info It has been reported that the Sun Java Runtime Environment does not properly protect trusted java applets. Because of this, it may be possible for an attacker to use a malicious applet to gain access to sensitiv...
Oracle Java System.arraycopy() Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...
Oracle Java DropArguments Sandbox Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...
Oracle Java NumberFormatter and RealTimeSequencer Sandbox Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...
Oracle Java mort TTF Table Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...
Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within java.lang.Thread's...
Java JAX-WS statistics.impl package sandbox breach
Added: 02/07/2013 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the...
Java JAX-WS statistics.impl package sandbox breach
Added: 02/07/2013 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the...
Nasty New Java Zero Day Found; Exploit Kits Already Have It
UPDATE – Security experts are urging users to disable Java immediately after the discovery of another zero-day exploit that has been incorporated into the Blackhole, Redkit, Cool and Nuclear Pack exploit kits. According to a French researcher who uses the handle Kafeine, the exploits target the...
Java JAX-WS gmbal package sandbox breach
Added: 11/23/2012 CVE: CVE-2012-5076 BID: 56054 OSVDB: 86350 Background Java API for XML Web Services JAX-WS is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem A vulnerability in JAX-WS when handling the gmbal package allows code execution outsi...
Oracle Java Applet2ClassLoader Vulnerability
Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
This vulnerability allows remote attackers to violate security policies on vulnerable installations of Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must run a malicious applet. The specific flaw allows malicious applets to connect to network...
Mac OS X : Java for Mac OS X 10.5 Update 3
The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 3. The remote version of this software contains several security vulnerabilities in Java Web Start and the Java Plug-in. For instance, they may allow untrusted Java Web Start applications and untrusted...
Sun Java JRE vulnerable to privilege escalation
Overview A vulnerability in the Sun Java Runtime Environment may allow a malicious applet to gain elevated privileges. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple operati...
GLSA-200501-16 : Konqueror: Java sandbox vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-16 Konqueror: Java sandbox vulnerabilities Konqueror contains two errors that allow JavaScript scripts and Java applets to have access to restricted Java classes. Impact : A remote attacker could embed a malicious Java appl...
Sun Java Plug-in fails to restrict access to private Java packages
Overview There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Description The Java Plug-in is part of the Java 2 Runtime Environment JRE and establishes a framework for displaying Java applets within a web browser...
Symantec Java! JustInTime Compiler 210.65 - Command Execution
source: https://www.securityfocus.com/bid/6222/info A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java bytecode. If a malicous applet is compiled by the vulnerable...