CVE-2007-5152
Summary: CVE-2007-5152 affects Sun Java System Access Manager 7.1 when installed in a Sun Java System Application Server 9.1 container. The issue is that authentication is not required after a container restart, enabling remote attackers to perform administrative tasks. The vulnerability is evide...
JSPWiki Multiple Vulnerabilities
Application: JSPWiki Multiple Vulnerabilities. Version: 2.4.103 and 2.5.139. Credit: Jason Kratzer. Date: 9/24/2007. Background: JSPWiki is wiki software built around the standard J2EE components of Java, servlets and JSP. It was written by...
SUSE-SA:2007:045: IBM Java, Sun Java
The remote host is missing the patch for the advisory SUSE-SA:2007:045 (IBM Java, Sun Java). %NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:045. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc');...
CVE-2007-5019
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method...
Buffer overflow
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method...
CVE-2007-5019
The CVE-2007-5019 issue is a buffer overflow in the Sun Java Web Start ActiveX control of Java Runtime Environment (JRE) 1.6.0_X. The vulnerability occurs when processing a long argument to dnsResolve (isInstalled.dnsResolve), due to a boundary error in the ActiveX control. Affected component: Su...
Sun jre1.6.0_X isInstalled.dnsResolve Function Overflow PoC
No description provided by source. Sun jre1.6.0_X isInstalled.dnsResolve function overflow PoC. Bug found and code released by Yag Kohha. Greetz to: Shinnai, Str0ke. <object classid="CLSID:5852F5ED-8BF4-11D4-A245-0080C6F74284" id="target"></OBJECT> <SCRIPT...
Sun jre1.6.0_X isInstalled.dnsResolve Function Overflow PoC
Exploit for multiple platform in category dos / poc. Sun jre1.6.0_X isInstalled.dnsResolve Function Overflow PoC. Sun jre1.6.0_X isInstalled.dnsResolve function overflow PoC Bug...
Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow
Sun jre1.6.0_X isInstalled.dnsResolve function overflow PoC. Bug found and code released by Yag Kohha. Greetz to: Shinnai, Str0ke. var b = 'XXXX'; while b.length milw0rm.com 2007-09-19...
Sun Java JRE Font Parsing Privilege Escalation (103024)
According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in its font parsing code that may allow an untrusted applet to gain elevated privileges and, for example, read or write local files or execute local applications...
Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
source: https://www.securityfocus.com/bid/25340/info The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issu...
CVE-2007-4289
The connected records indicate CVE-2007-4289 is related to improper handling of XSLT stylesheets in XML signatures, affecting Sun Java System Access Manager 6.3–7.1 and Sun Java System Identity Server 6.1–6.2, where crafted XSLT transforms could allow context-dependent attackers to execute arbitr...
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier...
HTML files generated with Javadoc are vulnerable to a XSS
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Crlf injection
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CRLF injection vulnerability in the redirect feature in Sun Java System Web Server 6.1 and 7.0 before 20070802, when the redirect Server Application Function (SAF) uses the url-prefix parameter and escape is disabled, or an Error directive uses the url-prefix parameter in obj.conf, allows remote...
CVE-2007-4164
CVE-2007-4164 affects Sun Java System Web Server 6.1 and 7.0; CRLF injection in the redirect SAF when url-prefix is used (escape disabled) or Error directive uses url-prefix in obj.conf, enabling remote HTTP header injection/response splitting. Affected products require patches: Web Server 6.1 pa...
Critical: Red Hat Security Advisory: java-1.5.0-sun security update
Updated java-1.5.0-sun packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that user...