91 matches found
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability
ZDI-11-084: Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-084 February 15, 2011 -- CVE ID: CVE-2010-4452 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...
ZDI-11-082: Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
ZDI-11-082: Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-082 February 15, 2011 -- CVE ID: CVE-2010-4466 -- CVSS: 6.4, AV:N/AC:L/Au:N/C:P/I:P/A:N -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime --...
Oracle Java Runtime NTLM Authentication Information Leakage Vulnerability
This vulnerability allows remote attackers to leak authentication details on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of NTLM...
OpenJDK Deserialization Race condition (6559775)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.227 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
Oracle Java IE Browser Plugin docbase Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle Java Runtime CMM readMabCurveData Buffer Overflow (CVE-2010-0838)
Java Technology is a programming platform owned by Oracle which aims to provide a system for developing and deploying cross-platform applications. It is distributed in the form of various tools such as Java Runtime Environment (JRE) and Java Development Kit (JDK). A stack buffer overflow vulnerability...
Oracle Java Soundbank Resource Name Stack Buffer Overflow (CVE-2010-0839)
Java Technology is a programming platform which aims to provide a system for developing and deploying cross-platform applications. It is distributed in the form of various tools such as Java Runtime Environment (JRE) and Java Development Kit (JDK). A stack buffer overflow vulnerability has been...
OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability
Description: Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment (JRE). Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. Versions prior to Java 5.0 Update...
Oracle Java Runtime Environment (JRE) Detection
One or more instances of Oracle's (formerly Sun's) Java Runtime Environment (JRE) are installed on the remote host. This may include private JREs bundled with the Java Development Kit (JDK). - Additional instances of Java may be discovered if thorough tests are enabled. (C) Tenable Network Security, Inc...