
1772 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 6 views

Sun Java 1.x XML Document Nested Entity Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8666/info A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XML documents may have the...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 40 views

Sun Java Web Server 7.0 u7 - Exploit with DEP bypass

No description provided by source. Exploit Title: SJWSexv2 Date: 09/07/2010 Author: dmc Software Link: download link if available Version: 7.0 u7 Tested on: Windows XP SP3 - with and without DEP CVE : CVE-2010-0361 / Sun Java Web Server Exploit v2 Tested on: Sun Java Web Server 7.0 update 7 - XP...

CVSS: 10 | AI score: 0.2 | EPSS: 0.88394
Exploits: 20

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Sun Java JDK 1.x - Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24004/info Sun JDK is prone to multiple vulnerabilities. An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, whic...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Sun Java Runtime New Plugin docbase Buffer Overflow

No description provided by source. $Id: javadocbasebof.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Sun Java Web Start Plugin Command Line Argument Injection (2012)

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Sun Java SE November 2009 Multiple Security Vulnerabilities (1)

No description provided by source. source: http://www.securityfocus.com/bid/36881/info Sun has released updates to address multiple security vulnerabilities in Java SE. Successful exploits may allow attackers to bypass certain security restrictions, run untrusted applets with elevated privileges,...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Sun Java System Identity Manager 6.0/7.0/7.1 /idm/user/main.jsp activeControl Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 51 views

Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

CVSS: 10 | AI score: 0.5 | EPSS: 0.89535
Exploits: 19

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

Sun Java System Web Server 6.1/7.0 WebDAV Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37910/info Sun Java System Web Server is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. The issue affects the WebDAV functionality. Currently very few technical details a...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 45 views

Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns

No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple vulnerabilities in Sun Calendar Express Web Server 1. Advisory Information Title: Multiple vulnerabilities in Sun Calendar Express Web Server Advisory ID: CORE-2009-010...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Sun Java System Delegated Administrator 6.x HTTP Response Splitting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34643/info Sun Java System Delegated Administrator is prone to an HTTP response-splitting vulnerability because it fails to sufficiently sanitize user-supplied data. Attackers can leverage this issue to influence or...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Sun Java System Identity Manager 6.0/7.x Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m. | 38 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-5320) (BEAST)

Oracle/Sun Java 1.6.0 was updated to the u26 release, fixing lots of bugs and security issues. Please see http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html for more details. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

CVSS: 10 | AI score: 7.4 | EPSS: 0.92545
Exploits: 19 | References: 22

Tenable Nessus
added 2014/06/13 12:0 a.m. | 47 views

openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121.html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Following...

CVSS: 10 | AI score: 7.7 | EPSS: 0.88762
Exploits: 29 | References: 33

Check Point Advisories
added 2014/04/16 12:0 a.m. | 2 views

Sun Java Web Start dnsResolve ActiveX Buffer Overflow - Ver2 (CVE-2007-5019)

A buffer overflow vulnerability has been reported in numerous forms. The vulnerability is due to a boundary error in the Sun Java Web Start ActiveX control that fails to properly handle user supplied data. Successful exploitation of this vulnerability could allow a remote attacker to execute...

AI score: 4 | EPSS: 0.10464
Exploits: 1

0day.today
added 2014/04/09 12:0 a.m. | 50 views

Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow

Exploit for linux platform in category remote exploits source: http://www.securityfocus.com/bid/24832/info Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.62246
Exploits: 2

Check Point Advisories
added 2013/09/22 12:0 a.m. | 2 views

Sun Java Web Start Double Quote Injection (CVE-2012-1533)

A remote code execution vulnerability has been in Java Web Start...

AI score: 6.1 | EPSS: 0.65882
Exploits: 4

Tenable Nessus
added 2013/07/18 12:0 a.m. | 39 views

Sun Java System Application Server Information Disclosure

The version of Sun Java System Application Server installed on the remote host is potentially affected by an information disclosure vulnerability. A remote, unauthenticated attacker could exploit this flaw to read the Web Application configuration files in the WEB-INF or META-INF directory via a...

CVSS: 5 | AI score: 5.4 | EPSS: 0.00467
Exploits: 1 | References: 2

Tenable Nessus
added 2013/06/20 12:0 a.m. | 306 views

Oracle Java SE Multiple Vulnerabilities (June 2013 CPU) (Unix)

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than or equal to 7 Update 21, 6 Update 45 or 5 Update 45. It is, therefore, potentially affected by security issues in the following components : - 2D - AWT - CORBA - Deployment - Hotspot -...

CVSS: 10 | AI score: 7.7 | EPSS: 0.9322
Exploits: 32 | References: 55

Metasploit
added 2013/06/12 7:40 p.m. | 32 views

Sun Java Web Start Double Quote Injection

This module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters initial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of the...

CVSS: 10 | AI score: 7.4 | EPSS: 0.74853
Exploits: 17