1772 matches found
CVE-2007-5375
CVE-2007-5375 describes an interpretation conflict in the Sun Java Virtual Machine (JVM) that can allow user-assisted remote attackers to perform a multi-pin DNS rebinding attack and execute arbitrary JavaScript within an intranet context. The issue arises when an intranet web server serves an HT...
CVE-2007-5375
Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...
Code injection
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound...
CVE-2007-5274
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...
CVE-2007-5273
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound...
CVE-2007-5274
The CVE-2007-5274 entry concerns Sun JRE/JDK/J2SE (various 4.x/5.x/6.x releases) where, when a user runs Firefox or Opera, JavaScript outbound connections could be violated due to a multi-pin DNS rebinding flaw tied to the LiveConnect API. The vulnerability arises because JavaScript code relies o...
CVE-2007-5274
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...
CVE-2007-5232
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound...
CVE-2007-5232
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound...
Code injection
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound...
CVE-2007-5232
Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound...
CVE-2007-5232
CVE-2007-5232 affects Sun JRE/JDK and related runtimes where applet caching enables a DNS rebinding attack that can bypass an applet’s outbound connection protections. Connected OSV entries (RHSA-2007:0963, RHSA-2008:0132, RHSA-2008:0100, RHSA-2008:0156, etc.) indicate Red Hat Java components (in...
Sun Java JRE / Web Start Multiple Vulnerabilities (103072, 103073, 103078, 103079, 103112)
According to its version number, the Sun Java Runtime Environment JRE and/or Web Start installed on the remote host reportedly is affected by several issues that could be abused to move / copy local files, read or write local files, circumvent network access restrictions, or elevate privileges...
Sun Java JRE vulnerable to unauthorized network access
Overview The Sun Java Runtime Environment JRE contains a vulnerability that may allow unintended access to network resources. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple...
Sun Java系统访问管理器多个安全漏洞
BUGTRAQ ID: 25842 Sun Java系统访问管理器是一个安全单点登录、认证、授权解决方案。 Sun Java系统访问管理器实现上存在多个漏洞,远程攻击者可能利用这些漏洞实现非授权访问。 如果在Sun Java系统应用服务器9.1容器中安装了Sun Java系统访问管理器7.1且重启了容器,就不会显示认证屏。任何基于认证使用容器的应用程序都无法正确运行,因为任何用户都会未经认证便给予访问。这可能导致非特权的非管理用户执行管理任务,例如,管理控制台在访问这个应用时不再提示用户进行认证。因此,任何用户无论是否拥有管理权限,都可以管理应用服务器。 在Sun...
Code injection
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-5153
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-5152
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does not demand authentication after a container restart, which allows remote attackers to perform administrative tasks...
CVE-2007-5153
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2007-5153
Technical details about CVE-2007-5153 are not publicly available in the provided documents; affected products, impact, and remediation specifics are not disclosed. Monitor for updates from official sources.