Sun Java Web Start Plugin Command Line Argument Injection

$Id: javawsarginjectaltvm.rb 9083 2010-04-15 15:23:43Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVE-2010-0897

Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup Language...

Code injection

Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 6.2 and and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book...

Design/Logic Flaw

Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup Language...

Design/Logic Flaw

Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors...

CVE-2010-0894

Technical details about CVE-2010-0894 are not publicly provided in the supplied documents. Monitor for updates.

CVE-2010-0885

Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 6.2 and and 6.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Address Book...

CVE-2010-0897

Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Directory Service Markup Language...

CVE-2010-0897

CVE-2010-0897 affects Sun Microsystems Directory Server (Oracle Sun Product Suite). Connected sources describe multiple vulnerabilities in the DSML/DSML-over-HTTP and LDAP implementations. The flaws can enable denial of service via DSML-over-HTTP POST requests or malformed LDAP queries, and can a...

Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability

The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...

Sun Java System Web Server Multiple Vulnerabilities

This host has Sun Java Web Server running which is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavasyswebservmultvuln.nasl 6637 2017-07-10 09:58:13Z teissa $ Sun Java System Web Server Multiple Vulnerabilities Authors: Michael Meyer Copyright: Copyright c 2010 Greenbon...

Sun Java System Web Server <= 7.0 Update 7 Multiple Vulnerabilities

Sun Java Web Server is prone to multiple vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Sun Java Web Start Plugin Command Line Argument Injection', 'Description' = %q This module exploits a flaw in the Web Start...

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-2228)

Sun Java 6 was updated to Update 19, fixing a large number of security issues. CVE-2009-3555 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838...

Sun Java System Web Server WebDAV请求远程文件泄露漏洞

BUGTRAQ ID: 39187 Sun Java System Web Server是高性能的WEB服务器。 Sun Java System Web Server的WebDAV实现在处理LOCK请求时存在错误，远程攻击者可以通过向服务器发送定义外部XML实体的特制LOCK命令导致泄漏任意本地文件的内容。成功攻击要求用户拥有WebDAV写访问权限。 Sun Java System Web Server 7.0 Update 4 厂商补丁： Sun --- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

Oracle Sun Java multiple security vulnerabilities

Buffer overflows on soundbank parsing, buffer overflow on images and archives parsing. Multiple code executions and privilege escalations...

ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability

ZDI-10-057: Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-057 April 5, 2010 -- CVE ID: CVE-2010-0849 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- Vulnerabilit...

Sun Java Runtime CMM readMabCurveData Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the CMM module of the Sun JVM. This...

Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the handling of MIDI...

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability

VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems. It is the underlying technology that powers...