CVE-2008-3111

CVE-2008-3111 affects Sun Java Web Start in JDK/JRE 6 prior to Update 4, JDK/JRE 5.0 prior to Update 16, and SDK/JRE 1.4.x prior to 1.4.2_18. The root cause is a stack-based buffer overflow in GetVMArgsOption triggered by a long value in a j2se tag in a JNLP file, allowing context-dependent attac...

CVE-2008-3108

Buffer overflow in Sun Java Runtime Environment JRE in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing...

CVE-2008-3112

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909...

CVE-2008-3106

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

CVE-2008-3104

CVE-2008-3104 affects Sun Java Runtime Environment (JRE) and related JDK/JRE distributions. The issue involves multiple vulnerabilities in the JRE that can allow a remote attacker to bypass an applet’s outbound connection restrictions by connecting to localhost services on the machine that loaded...

CVE-2008-3115

CVE-2008-3115 affects Sun JDK/JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, where the JRE/JMX/Web Start components fail to properly prevent execution of applets on older releases. The description jointly states that this may allow remote attackers to exploit vulnerabilities in these ol...

CVE-2008-3108

CVE-2008-3108 describes a buffer overflow in the font processing component of Sun JRE/JDK across multiple older Java releases (JRE 5.0 before Update 10; JRE 1.4.x before 1.4.2_18; JRE 1.3.x before 1.3.1_23). The issue could allow context-dependent attackers to gain privileges on the affected host...

CVE-2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

CVE-2008-3111

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by a an application that grants itself...

CVE-2008-3114

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to obtain sensitive information the cache location via an untrusted application, aka CR 6704074...

CVE-2008-3109

Technical details for CVE-2008-3109 are not provided in the supplied connected documents. Monitor for updates.

CVE-2008-3112

Technical details about CVE-2008-3112 (affected product, root cause, impact, and fix) are not provided in the connected documents. The initial description gives only high-level vulnerability information. Monitor for official advisories for updates.

CVE-2008-3110

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet...

Sun Java System ASP Server < 4.0.3 Multiple Vulnerabilities

The remote host is running Sun Java System Active Server Pages ASP, or an older variant such as Sun ONE ASP or Chili!Soft ASP. The web server component of the installed version of Active Server Pages on the remote host is affected by several vulnerabilities : - Several of the administration...

Sun Java System ASP Server Detection

The remote service is an ASP Server, part of Sun Java System Active Server Pages or an older variant such as Chili!Soft ASP, which provides a web server with ASP Active Server Pages functionality. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Sun Java ASP Server Default Admin Password

The remote host is running Sun Java ASP server. It is possible to access the remote server with default admin credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid33437; scriptversion"1.13";...

Sun Java System Access Manager XSLT样式表单XML签名远程代码执行漏洞

BUGTRAQ ID: 29988 CNCAN ID：CNCAN-2008063001 Sun Java System Access Manager是一款安全单点登录、认证、授权解决方案。 Sun Java系统访问管理器没有正确安全处理XML签名中的XSLT样式表单，远程攻击者可以利用漏洞以应用程序权限执行任意代码。 能建立使用访问管理器本地可查看的XML签名的远程用户可以访问管理器应用程序权限执行任意代码。访问管理器由WEB'容器'应用程序运行，如Sun Java System Application...

CVE-2008-2945

Technical details for CVE-2008-2945 are not provided in the connected documents; public disclosures and remediation are not covered here. Monitor for updates.

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...