1772 matches found
CVE-2008-3440
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
Design/Logic Flaw
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3440
CVE-2008-3440 affects Sun Java 1.6.0_03 and earlier (potentially later versions) where updater authenticity is not properly verified, enabling a man-in-the-middle attacker to run arbitrary code via a Trojan horse update (as demonstrated by evilgrade and DNS cache poisoning). The connected sources...
CVE-2008-3440
Sun Java 1.6.003 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3425
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System SPS 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors...
Code injection
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System SPS 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors...
CVE-2008-3425
Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin in Sun N1 Service Provisioning System SPS 5.2 and 6.0 allows remote authenticated SPS users to gain administrative access to the web server via unknown attack vectors...
CVE-2008-3425
The vulnerability described in CVE-2008-3425 affects the Sun Java System Web Server 7.0 plugin within Sun N1 Service Provisioning System (SPS) versions 5.2 and 6.0. The issue allows remote authenticated SPS users to gain administrative access to the web server via unspecified attack vectors. The ...
security flaw
Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...
Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077...
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...
Sun Java Web Start JNLP file j2se element heap-size buffer overflow
Added: 07/23/2008 CVE: CVE-2008-3111 BID: 30148 OSVDB: 46959 Background Sun Java Web Start allows standalone Java applications, called JNLP files, to be executed by the Java Runtime Environment JRE. Problem A buffer overflow vulnerability in Sun Java Web Start allows command execution when the us...
Oracle Java Runtime Environment (JRE) Detection
One or more instances of Oracle's formerly Sun's Java Runtime Environment JRE is installed on the remote host. This may include private JREs bundled with the Java Development Kit JDK. - Additional instances of Java may be discovered if thorough tests are enabled. C Tenable Network Security, Inc...
Sun Java Web Start vm args Stack-Based Buffer Overflow Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the GetVMArgsOption function used while...
Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities
The version of Sun Java Runtime Environment JRE 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources 238628. - A buffer overflow...
Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077...
Java Web Start, arbitrary file creation (6703909)
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909...
Java RE allows Same Origin Policy to be Bypassed (6687932)
Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...