3037 matches found

ThreatPost
added 2013/07/18 12:52 p.m. | 17 views

Java Reflection API Vulnerability Exploited

No Java component has had a bigger bull’s eye on its back this year than the Java Reflection API. Bug hunters and hackers alike have found a number of zero-days related to the Reflection API, most of which enable the remote execution of code outside the Java sandbox that’s supposed to prevent suc...

AI score 1.3
Exploits: 0 | References: 4

Tenable Nessus
added 2013/07/12 12:0 a.m. | 23 views

Oracle Linux 5 : lcms (ELSA-2009-0011)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0011 advisory. 1.15-1.2.2.el52.2 - Fix Requires to ensure subpackages match the parent package 1.15-1.2.2.el52.1 - Fix insufficient input validation in...

CVSS 10 | AI score 5.6 | EPSS 0.02779
Exploits: 1 | References: 3

securityvulns
added 2013/03/24 12:0 a.m. | 76 views

APPLE-SA-2013-03-19-2 Apple TV 5.2.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-03-19-2 Apple TV 5.2.1 Apple TV 5.2.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: A local user may be able to execute unsigned code Description: A state management issue...

CVSS 7.2 | AI score 0.7 | EPSS 0.00361
Exploits: 2

myhack58
added 2013/02/26 12:0 a.m. | 36 views

Java Applet JMX remote code execution-vulnerability warning-the black bar safety net

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. require 'msf/core' require 'rex' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking...

AI score 2.1
Exploits: 0

Packet Storm
added 2013/02/25 12:0 a.m. | 53 views

Java Applet JMX Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

CVSS 5 | AI score 0.2 | EPSS 0.89987
Exploits: 8

Metasploit
added 2013/02/20 3:39 p.m. | 36 views

Java Applet JMX Remote Code Execution

This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning t...

CVSS 5.3 | AI score 10 | EPSS 0.89987
Exploits: 8

RedHat Linux
added 2013/02/04 11:51 p.m. | 4 views

7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

CVSS 10 | AI score 7.5 | EPSS 0.07641
Exploits: 0 | References: 5

Zero Day Initiative
added 2013/02/01 12:0 a.m. | 31 views

Oracle Outside In CorelDRAW File Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 5.4 | AI score 5.5 | EPSS 0.08347
Exploits: 0 | References: 1

Prion
added 2013/01/31 2:55 p.m. | 21 views

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

CVSS 10 | AI score 6.9 | EPSS 0.07641
Exploits: 0 | References: 14 | Affected Software: 2

UbuntuCve
added 2013/01/31 2:55 p.m. | 23 views

CVE-2013-1489

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

CVSS 10 | AI score 7.3 | EPSS 0.07641
Exploits: 0 | References: 7

CVE
added 2013/01/31 2:10 p.m. | 173 views

CVE-2013-1489

Technical details for CVE-2013-1489 are not provided in the supplied documents. Monitor for updates.

CVSS 10 | AI score 6.3 | EPSS 0.07641
Exploits: 0 | References: 14 | Affected Software: 2

Tenable Nessus
added 2013/01/24 12:0 a.m. | 32 views

RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...

CVSS 10 | AI score 8.2 | EPSS 0.25727
Exploits: 1 | References: 19

ThreatPost
added 2012/12/18 6:43 a.m. | 10 views

Oracle Adds Ability to Prevent Java Apps From Running in Browsers

Oracle has released a new version of the Java Development Kit which includes a number of security improvements. The major change in JDK 7u10 is the ability to prevent any Java application from running in the browser, a big shift for the Java environment, which is a constant target of attacks. The...

AI score 2.3
Exploits: 0 | References: 6

Tenable Nessus
added 2012/08/01 12:0 a.m. | 52 views

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451,...

CVSS 10 | AI score 5.7 | EPSS 0.83037
Exploits: 13 | References: 21

Prion
added 2012/07/22 5:55 p.m. | 33 views

Integer overflow

Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion betwe...

CVSS 7.5 | AI score 8.2 | EPSS 0.06459
Exploits: 0 | References: 12 | Affected Software: 1

canvas
added 2012/06/12 6:55 p.m. | 58 views

Immunity Canvas: MS12_042

Name| ms12042 ---|--- CVE| CVE-2012-0217 Exploit Pack| CANVAS Description| MS12-042 Privilege Escalation Exploit Notes| Repeatability: Notes: This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. The exploit will also facilitate the loading of unsigned...

CVSS 7.2 | AI score 2 | EPSS 0.37465
Exploits: 6

ThreatPost
added 2012/05/25 1:33 p.m. | 7 views

Absinthe 2.0 Jailbreak for iOS 5.1.1 Devices Released

A group of developers has released a new untethered jailbreak for devices running iOS 5.1.1. The hack allows users to run unsigned apps on their devices, something that Apple doesn’t like so much. The new version of the Absinthe jailbreak tool was released publicly on Friday by the Chronic-Dev Te...

AI score 0.5
Exploits: 0 | References: 2

Metasploit
added 2012/04/10 11:39 a.m. | 66 views

Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution

Mozilla Firefox before version 41 allowed users to install unsigned browser extensions from arbitrary web servers. This module dynamically creates an unsigned .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page. The victim's Firefox browser will pop...

AI score 7.2
Exploits: 0

ThreatPost
added 2012/01/20 8:56 p.m. | 12 views

Absinthe Jailbreak for iPhone 4S Released

Less than three weeks after releasing a new jailbreak for iPhones running iOS 5.01, a team of researchers has now published a similar tool for jailbreaking the iPhone 4S and iPad2. The Absinthe jailbreak tool will allow users to run unsigned code on their devices and load apps from places other...

AI score 0.1
Exploits: 0 | References: 4

NVD
added 2011/11/11 6:55 p.m. | 19 views

CVE-2011-3442

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app...

CVSS 7.2 | AI score 6.3 | EPSS 0.00357
Exploits: 1 | References: 3