1772 matches found

OpenVAS
added 2009/05/22 12:00 a.m. | 28 views

Java JRE deploytk.dll ActiveX Control Multiple BOF Vulnerabilities

This host is installed with Java JRE Deployment Toolkit ActiveX and is prone to multiple buffer overflow vulnerabilities. OpenVAS Vulnerability Test $Id: secpodjavajreactvxctrlmultbofvuln.nasl 7699 2017-11-08 12:10:34Z santu $ Java JRE deploytk.dll ActiveX Control Multiple BOF Vulnerabilities...

9.3 CVSS | 1.5 AI score | 0.07039 EPSS
Exploits: 2 | References: 2
OpenVAS
added 2009/05/22 12:00 a.m. | 24 views

Java JRE deploytk.dll ActiveX Control Multiple BOF Vulnerabilities

Java JRE Deployment Toolkit ActiveX is prone to multiple buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS | 7 AI score | 0.07039 EPSS
Exploits: 2 | References: 5
Prion
added 2009/05/21 2:30 p.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...

4.3 CVSS | 6 AI score | 0.08905 EPSS
Exploits: 2 | References: 13 | Affected Software: 1
NVD
added 2009/05/21 2:30 p.m. | 14 views

CVE-2009-1729

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...

4.3 CVSS | 5.7 AI score | 0.08905 EPSS
Exploits: 2 | References: 13
CVE
added 2009/05/21 2:00 p.m. | 53 views

CVE-2009-1729

CVE-2009-1729 corresponds to multiple XSS flaws in Sun Java System Communications Express 6.2 (2005Q4) and 6.3. The vulnerabilities are in the Personal Address Book Add Contact path (uwc/abs/search.xml) via abperson_displayName and in UWCMain (uwc/base/UWCMain) via temporaryCalendars. Impact is c...

4.3 CVSS | 5.7 AI score | 0.08905 EPSS
Exploits: 2 | References: 13 | Affected Software: 1
Cvelist
added 2009/05/21 2:00 p.m. | 19 views

CVE-2009-1729

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Addres...

5.7 AI score | 0.08905 EPSS
Exploits: 2 | References: 13
securityvulns
added 2009/05/21 12:00 a.m. | 57 views

CORE-2009-0109 - Multiple XSS in Sun Communications Express

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS in Sun Communications Express 1. Advisory Information Title: Multiple XSS in Sun Communications Express Advisory ID: CORE-2009-0109 Advisory URL:...

4.3 CVSS | 5.9 AI score | 0.08905 EPSS
Exploits: 2
exploitpack
added 2009/05/20 12:00 a.m. | 14 views

Sun Java System Communications Express 6.3 - search.xml Cross-Site Scripting

Sun Java System Communications Express 6.3 - search.xml Cross-Site Scripting source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...

0.1 AI score
Exploits: 0
Exploit DB
added 2009/05/20 12:00 a.m. | 29 views

Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

7.4 AI score
Exploits: 0
Exploit DB
added 2009/05/20 12:00 a.m. | 23 views

Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracked by Sun Alert ID 258068. An attacker may leverage this issue to execute...

7.4 AI score
Exploits: 0
exploitpack
added 2009/05/20 12:00 a.m. | 11 views

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting

Sun Java System Communications Express 6.3 - UWCMain Cross-Site Scripting source: https://www.securityfocus.com/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. This issue is tracke...

Exploits: 0
NVD
added 2009/05/18 6:30 p.m. | 11 views

CVE-2009-1671

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4)...

9.3 CVSS | 7.7 AI score | 0.06024 EPSS
Exploits: 1 | References: 3
NVD
added 2009/05/18 6:30 p.m. | 11 views

CVE-2009-1672

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes v...

9.3 CVSS | 7.5 AI score | 0.07039 EPSS
Exploits: 1 | References: 4
Prion
added 2009/05/18 6:30 p.m. | 21 views

Buffer overflow

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4)...

9.3 CVSS | 8.3 AI score | 0.06024 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2009/05/18 6:00 p.m. | 18 views

CVE-2009-1672

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes v...

7.5 AI score | 0.07039 EPSS
Exploits: 1 | References: 4
Cvelist
added 2009/05/18 6:00 p.m. | 20 views

CVE-2009-1671

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4)...

7.7 AI score | 0.06024 EPSS
Exploits: 1 | References: 3
CVE
added 2009/05/18 6:00 p.m. | 137 views

CVE-2009-1671

Sun Java SE Runtime Environment (JRE) 6 Update 13 includes the deploytk.dll Deployment Toolkit ActiveX control (version 6.0.130.3) that contains multiple buffer-overflow vulnerabilities. A long string argument to methods setInstallerType, setAdditionalPackages, compareVersion, getStaticCLSID, or ...

9.3 CVSS | 7.9 AI score | 0.06024 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Tenable Nessus
added 2009/05/06 12:00 a.m. | 27 views

Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval

The version of Sun Java System Identity Manager hosted on the remote web server fails to sanitize user-supplied input to 'ext' parameter in file 'includes/helpServer.jsp' before using it to display help files. An unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files...

7.8 CVSS | 5.9 AI score | 0.00724 EPSS
Exploits: 2 | References: 4
OpenVAS
added 2009/04/30 12:00 a.m. | 23 views

Sun Java Directory Server Information Disclosure Vulnerability - Windows

Sun Java Directory Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.1 AI score | 0.00417 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2009/04/30 12:00 a.m. | 22 views

Sun Java Directory Server Information Disclosure Vulnerability - Linux

Sun Java Directory Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.1 AI score | 0.00417 EPSS
Exploits: 0 | References: 3