826 items tagged "java"
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0514-01 - The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Packet Storm Security Advisories
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
Packet Storm Security Advisories
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0343-01 - The IBM 1.4.2 SR13-FP11 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
Packet Storm Security Exploits
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser-known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitization it is possible to add additional double quotes to the command-line argument string used to start a new Java process. This can lead to remote code execution under the rights of the current user.
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles TrueType font files. When reading a font file, Java uses the MaxInstructionSize from the maxp table to allocate a heap memory location to store all the Instruction Definitions found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks against MaxInstructionSize, which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Packet Storm Security Exploits
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation is done by supplying a specially crafted MIDI file within an RMF file. When the MixerSequencer object is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A MIDI block that contains a specially crafted controller event is used to trigger the vulnerability. When the vulnerability is triggered, "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable across Java updates.
Packet Storm Security Advisories
PRE-CERT Security Advisory - The function countCENHeaders() in zip_util.c of the java.util.zip implementation contains an off-by-one bug. The bug can be exploited via corrupted ZIP files to cause an endless recursion. The endless recursion results in a segmentation fault of the JVM. Oracle Java SE and IcedTea6 have multiple affected versions.
Packet Storm Security Advisories
A Java Web Start vulnerability exists in Oracle Java. The vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on a vulnerable system.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0135-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
SecDocs
Authors: Joshua Drake
Tags: memory heap overflow exploiting Java
Event: Black Hat Abu Dhabi 2011
Abstract: The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straightforward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0034-01 - The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit.
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0006-01 - This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. All users of java-1.4.2-ibm are advised to upgrade to these updated packages, which contain the IBM Java 1.4.2 SR13-FP11 release. All running instances of IBM Java must be restarted for this update to take effect.
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java.
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc).
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1478-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect.
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime.
-
11:34
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
21:14
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
10:34
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
10:29
»
SecuriTeam
Oracle Java contains a vulnerability caused by an integer overflow error in the Color Management Module (CMM).
-
10:29
»
SecuriTeam
Oracle Java ICC Profile Contains an Integer Overflow and Code Execution Vulnerability.
-
16:06
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-170 - Security issues were identified and fixed in openjdk (Icedtea6) and icedtea-web. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. IcedTea6 prior to 1.10.4 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. IcedTea6 prior to 1.10.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
-
19:04
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Runtime.
-
18:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime running on OSX or Linux.
-
18:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java.
-
10:31
»
Packet Storm Security Recent Files
Apple Security Advisory 2011-11-08-1 - Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.
-
8:15
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
-
13:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime.
-
13:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime.
-
13:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime.
-
16:15
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-306 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick Java into allowing access to otherwise protected and private fields in built-in objects. This could be used, for example, to disable the security manager normally in place for applets. This leads to remote code execution under the context of the current user.
-
16:15
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-305 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino JavaScript errors. The built-in JavaScript engine in Java fails to perform sufficient sanitization of JavaScript error objects. The effect is that untrusted code can run in a privileged context. This can result in remote code execution under the context of the current user.
-
19:07
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java.
-
18:56
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java.
-
15:54
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1384-01 - The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch page, listed in the References section.
-
17:58
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1380-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges.
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java.
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of java.
-
17:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime.
-
12:53
»
SecDocs
Authors: Stephen de Vries
Tags: Java
Event: Black Hat USA 2010
Abstract: The presentation will demonstrate a complete analysis and compromise of a Java client-server application using entirely open source tools. Performing penetration testing on Java clients, both applications and applets, is often problematic because the data transport (typically RMI) is difficult to manipulate in a meaningful way and complex applications require more refined techniques than direct bytecode manipulation. Java development approaches and tools have been steadily improving, and many of these new paradigms and tools can be used to fully decompose and manipulate client-side Java without resorting to decompiling the binary. Due to the high-level nature of developer tools, it is very easy for developers to misplace trust in client-server applications and erroneously or deliberately include security controls on the client instead of on the server side. By using testing and profiling tools and aspect-oriented programming, it is possible to build a clear picture of the application's logic flow and to identify private objects that should not ordinarily be editable by the user. Injecting an interactive console into the running application allows you to change these objects at will and to call any methods on the client side, thereby bypassing client-side security controls.
-
10:34
»
SecDocs
Authors: Arshan Dabirsiaghi
Tags: web application exploiting Java
Event: Black Hat USA 2010
Abstract: Anybody who has assessed anything with a thick Java client has probably been frustrated beyond belief and unhappy with their coverage, but that's only because this tool hasn't been released yet. We created a tool that allows you to easily jump into any JVM on your machine, and tamper with class bytecode, method parameters, return values - without requiring any pesky original source code, or the most elusive artifact - skill! What happens when that applet you want to hack uses serialized objects over a custom encryption scheme, and you have 40 hours to break it? Theoretically, you know that's not good enough, but who cares about "theoretically"? JavaSnoop will allow you to intercept calls inside the JVM for tampering with data before it gets to the network, while it's still in object form! What happens when that fancy desktop tool you have has an expired license? JavaSnoop will allow you to make that isLicensed() check return the value you want, instead of the value you didn't pay for. All this in a nice, portable GUI tool. I can't wait to enable you!
-
16:23
»
Packet Storm Security Recent Files
Whitepaper called Dissecting Java Server Faces for Penetration Testing. This paper is divided into two parts. In the first part, the authors discuss the internals of JSF, a Java-based web application framework, and its inherent security model. In the second part, they discuss the security weaknesses and the applied security features in JSF. In addition, they raise a flag on the security issues present in JSF in order to support effective penetration testing.
-
20:17
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1159-01 - The IBM 1.4.2 SR13-FP10 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
-
16:59
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java.
-
8:27
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1100-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was discovered in the JNLP implementation in IcedTea-Web. An unsigned Java Web Start application could use this flaw to manipulate the content of a Security Warning dialog box, to trick a user into granting the application unintended access permissions to local files.
-
18:25
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1087-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR12-FP5 Java release. All running instances of IBM Java must be restarted for this update to take effect.
-
19:20
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0949-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
-
19:19
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0948-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.
-
19:18
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-0947-01 - JBoss Enterprise Application Platform is the market-leading platform for innovative and scalable Java applications. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw.