53 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-0016

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.00686
Exploits 1 | References 5

Packet Storm
added 2024/08/31 12:0 a.m. | 211 views

Tomcat UTF-8 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat UTF-8 Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability is present in...

CVSS 4.3 | AI score 7 | EPSS 0.92704
Exploits 22

SUSE CVE
added 2023/02/15 6:3 a.m. | 5 views

SUSE CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...

CVSS 7.5 | AI score 7.1 | EPSS 0.14277
Exploits 0 | References 9

Check Point Advisories
added 2014/01/07 12:0 a.m. | 4 views

Sun Java Web Start JRE Buffer Overflow - Ver2 (CVE-2007-3655)

A buffer overflow vulnerability has been reported in Sun JRE. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 6.8 | AI score 7.5 | EPSS 0.62246
Exploits 2

OpenVAS
added 2013/12/03 12:0 a.m. | 37 views

VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library security issues. (remote check)

The remote ESXi is missing one or more security related Updates from VMSA-2013-0003. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0003remote.nasl 6086 2017-05-09 09:03:30Z teissa $ VMSA-2013-0003 VMware vCenter Server, ESXi and ESX address an NFC Protocol memory corruption and third party library...

CVSS 7.6 | AI score 0.4 | EPSS 0.08744
Exploits 9 | References 1

Tenable Nessus
added 2013/02/22 12:0 a.m. | 45 views

Sun Java JRE GIF Image Handling Buffer Overflow (102760) (Unix)

According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file...

CVSS 6.8 | AI score 6.5 | EPSS 0.42821
Exploits 1 | References 4

seebug.org
added 2012/09/04 12:0 a.m. | 34 views

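Oracle Sun JRE 1.x Remote JRE Vulnerability

BUGTRAQ ID: 55339 CVE ID: CVE-2012-0547 Sun Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. The JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, contains a vulnerability with unspecified details; its impact is currently unknown. 0 Sun JRE 1.x Vendor patch: Oracle ------ Oracle has released a security advisory (alert-cve-2012-4681-1835715) and corresponding patches for this issue: alert-cve-2012-4681-1835715:Oracle...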

CVSS 10 | AI score 1.9 | EPSS 0.9414
Exploits 10

Tenable Nessus
added 2011/10/28 12:0 a.m. | 48 views

VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

a. ESX third-party update for Service Console openssl RPM The Service Console openssl RPM is updated to openssl-0.9.8e.12.el55.7 resolving two security issues. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2008-7270 and CVE-2010-4180 to these issues. b...

CVSS 10 | AI score 8.1 | EPSS 0.88762
Exploits 29 | References 65

Tenable Nessus
added 2011/02/14 12:0 a.m. | 101 views

VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

a. vCenter Server and vCenter Update Manager update Microsoft SQL Server 2005 Express Edition to Service Pack 3 Microsoft SQL Server 2005 Express Edition SQL Express distributed with vCenter Server 4.1 Update 1 and vCenter Update Manager 4.1 Update 1 is upgraded from SQL Express Service Pack 2 to...

CVSS 10 | AI score 7.9 | EPSS 0.92143
Exploits 122 | References 99

Metasploit
added 2010/08/24 6:22 p.m. | 106 views

Tomcat UTF-8 Directory Traversal Vulnerability

This module tests whether a directory traversal vulnerability is present in versions of Apache Tomcat 4.1.0 - 4.1.37, 5.5.0 - 5.5.26 and 6.0.0 - 6.0.16 under specific and non-default installations. The connector must have allowLinking set to true and URIEncoding set to UTF-8. Furthermore, the...

CVSS 4.3 | AI score 6.9 | EPSS 0.92704
Exploits 22

OpenVAS
added 2009/11/23 12:0 a.m. | 24 views

Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-java blackdown-jre blackdown-jdk)

The remote host is missing updates announced in advisory GLSA 200911-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS 7.5 | AI score 0.9 | EPSS 0.01349
Exploits 5

OpenVAS
added 2009/11/23 12:0 a.m. | 31 views

Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-java blackdown-jre blackdown-jdk)

The remote host is missing updates announced in advisory GLSA 200911-02. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVSS 7.5 | AI score 6.5 | EPSS 0.01349
Exploits 5 | References 7

Gentoo Linux
added 2009/11/17 12:0 a.m. | 57 views

Sun JDK/JRE: Multiple vulnerabilities

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details...

CVSS 10 | AI score 8.2 | EPSS 0.89535
Exploits 54

seebug.org
added 2009/08/09 12:0 a.m. | 62 views

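JNLPAppletLauncher Library Arbitrary File Creation Vulnerability

BUGTRAQ ID: 35946 CVECAN ID: CVE-2009-2676 JNLPAppletLauncher is a JNLP-based applet launcher class that allows applets to use extensions such as Java 3D, JOGL and JOAL. A security vulnerability in JNLPAppletLauncher may affect users of Sun JDK and JRE. An untrusted Java applet may cause older versions of JNLPAppletLauncher to write arbitrary files on the system of a user who downloads and runs the untrusted applet. When this vulnerability is triggered, the user sees a warning dialog stating that the digital signature has expired. Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5....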

CVSS 6.8 | AI score 0.5 | EPSS 0.17795
Exploits 1

seebug.org
added 2009/08/09 12:0 a.m. | 36 views

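Sun Java Runtime Environment Audio System Information Disclosure Vulnerability

BUGTRAQ ID: 35939 CVECAN ID: CVE-2009-2670 The Java Runtime Environment (JRE) for Solaris provides a reliable runtime environment for Java applications. A security vulnerability in the Java Runtime Environment audio system may allow an untrusted applet or Java Web Start application to access java.lang.System properties. Sun JDK 6 Sun JDK 5.0 Sun JRE 6 Sun JRE 5.0 Vendor patch: RedHat ------ RedHat has released a security advisory (RHSA-2009:1199-01) and corresponding patches for this issue: RHSA-2009:1199-01:Critical:...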

CVSS 5 | AI score 0.4 | EPSS 0.03648
Exploits 1

seebug.org
added 2009/08/06 12:0 a.m. | 35 views

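Sun Java Runtime Environment Unpack200 JAR Unpacking Tool Integer Overflow Vulnerability

Bugtraq ID: 35944 Sun Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. The code in Sun Java Runtime Environment that handles Pack200-compressed JAR files is flawed, and a remote attacker can exploit the vulnerability to execute arbitrary instructions in the security context of the logged-in user. During decompression, several fields of the Pack200 header are blindly trusted and used to calculate the size of a heap buffer allocation; by supplying malicious values, an attacker can cause a very small heap buffer to be allocated and then overflow it during the subsequent copy. By building a malicious web page and enticing a user to open it, the attacker can execute arbitrary instructions in the security context of the logged-in user. Sun JRE Windows...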

AI score 6.9
Exploits 0

seebug.org
added 2009/08/06 12:0 a.m. | 18 views

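Sun Java Runtime Environment JPEG Image Processing Integer Overflow Vulnerability

Bugtraq ID: 35942 Sun Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. The code in Sun Java Runtime Environment that handles custom JPEG images when loading WebStart applications is flawed, and a remote attacker can exploit the vulnerability to execute arbitrary instructions in the security context of the logged-in user. When processing the splash screen, Javaws.exe miscalculates a size that is then used for a later buffer allocation; during the subsequent decompression, Java Web Start writes data into the incorrectly allocated buffer, causing a heap-based buffer overflow and execution of arbitrary instructions in the security context of the current user. Sun JRE 6.0 Updat...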

AI score 6.9
Exploits 0

CVE
added 2009/08/05 7:0 p.m. | 109 views

CVE-2009-2672

CVE-2009-2672 is a Sun JRE/JDK proxy mechanism vulnerability where an untrusted applet or Java Web Start application could access browser cookies and related session data, enabling session hijacking. The issue is tied to the JRE proxy implementation and affects Sun JRE/JDK before certain updates....

CVSS 7.5 | AI score 6 | EPSS 0.17519
Exploits 0 | References 31 | Affected Software 2

UbuntuCve
added 2009/08/05 12:0 a.m. | 26 views

CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...

CVSS 7.5 | AI score 6.4 | EPSS 0.14277
Exploits 0 | References 3

securityvulns
added 2008/12/09 12:0 a.m. | 59 views

iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 12.02.08 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 02, 2008 I. BACKGROUND Pack200 is a compression method introduced by Sun in the 1.5 release of the JRE. It is used to compress Jar files, and is optimized f...

AI score 0.3
Exploits 0