Sun Java - Runtime New Plugin docbase Buffer Overflow (Metasploit)

$Id: javadocbasebof.rb 11513 2011-01-08 00:25:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Metasploit Framework v3.5.1 Updated Version Download !

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit version 3.5.1! "The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a...

SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)

Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html...

SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 2340)

Oracle has released JRE 6 Update 20 in order to fix potential remote code execution vulnerabilities CVE-2010-0887. Please refer to Oracle's site for more information: http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010 -0886.html %NASLMINLEVEL 70300 C Tenable Network Security,...

SuSE 11 Security Update : Sun Java 6 (SAT Patch Number 2225)

Sun Java 6 was updated to Update 19, fixing a large number of security issues: CVE-2009-3555 / CVE-2010-0082 / CVE-2010-0084 / CVE-2010-0085 / CVE-2010-0087 / CVE-2010-0088 / CVE-2010-0089 / CVE-2010-0090 / CVE-2010-0091 / CVE-2010-0092 / CVE-2010-0093 / CVE-2010-0094 / CVE-2010-0095 /...

Social-Engineer Toolkit v1.0 - Latest Version Download

The Social Engineer Toolkit SET has been updated to version 1.0! We wrote about the Social Engineer's Toolkit in our old post here. This release is called the Devolution Release. "The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the hum...

Sun Java Runtime New Plugin docbase Buffer Overflow

This module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before v6 Update 22. By specifying specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a "launchjnlp"...

Sun Java Runtime New Plugin docbase Buffer Overflow

$Id: javadocbasebof.rb 10820 2010-10-25 20:22:08Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)

Sun Java 1.6.0 was updated to Security Update U22. The release notes for this release are on: http://www.oracle.com/technetwork/java/javase/6u22releasenotes-176121. html Security advisory page for this update: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-17625 8.html Following...

Oracle iPlanet Web Server Multiple Unspecified Vulnerabilities (cpuoct2010)

Oracle iPlanet Web Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Oracle Sun Java System Web Server - HTTP Response Splitting

Oracle Sun Java System Web Server - HTTP Response Splitting Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied inpu...

Oracle Sun Java System Web Server - HTTP Response Splitting

Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied input is used to generate the value of an HTTP header, as shown ...

CVE-2010-3579

Unspecified vulnerability in the 1 Sun Convergence 1 and 2 Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail...

CVE-2010-3575

Unspecified vulnerability in the Oracle Communications Messaging Server Sun Java System Messaging Server component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail...

CVE-2010-3564

Unspecified vulnerability in the Oracle Communications Messaging Server Sun Java System Messaging Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained...

Design/Logic Flaw

Unspecified vulnerability in the 1 Sun Convergence 1 and 2 Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Communications Messaging Server Sun Java System Messaging Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. NOTE: the previous information was obtained...

CVE-2010-3546

Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors...

CVE-2010-3579

CVE-2010-3579 affects Sun Convergence 1 and Sun Java Communications Suite 7 components in Oracle Sun Product Suite 1.0/7.0, exploitable via Webmail over HTTP. The Oracle CPU October 2010 advisory indicates these vulnerabilities can be remotely exploitable without authentication, impacting confide...

CVE-2010-3544

CVE-2010-3544 is a CSRF vulnerability in Oracle iPlanet Web Server (Sun Java System Web Server) prior to 7.0U9 that allows an attacker to stop a server instance via the management console when a user views a malicious page while authenticated. The issue is documented across multiple sources (JVN/...