«
Expand/Collapse
1017 items tagged "java"
Related tags:
web [+],
runtime [+],
java virtual machine [+],
code [+],
advisory [+],
java applet [+],
zero day [+],
stack overflow [+],
overflow vulnerability [+],
apple [+],
oracle java [+],
java runtime environment [+],
red hat security [+],
oracle [+],
vulnerability research [+],
start [+],
java version [+],
explorations [+],
denial of service [+],
critical vulnerability [+],
red [+],
virtual [+],
service vulnerability [+],
security vulnerabilities [+],
remote security [+],
os x [+],
java code [+],
ubuntu [+],
type [+],
sun java runtime environment [+],
sun java runtime [+],
song structure [+],
roland lezuo [+],
peter molnar [+],
mixersequencer [+],
jndi [+],
jboss [+],
java webstart [+],
java vulnerability [+],
directory interface [+],
day [+],
critical patch [+],
compiler invocation [+],
compiler [+],
chaos communication congress [+],
atomicreferencearray [+],
application [+],
ibm [+],
windows linux [+],
web browser plug [+],
verifier [+],
untrusted [+],
uninitialized pointer [+],
type checks [+],
sybase ase [+],
sybase [+],
steven bergom [+],
security notice [+],
sdk java [+],
ruben santamarta [+],
point [+],
patch [+],
overflow error [+],
oracle corporation [+],
opportunity [+],
opcode [+],
module [+],
midi file [+],
midi [+],
metasploit [+],
memory corruption [+],
mandriva linux [+],
library [+],
jax ws [+],
java web start [+],
java web browser [+],
java updates [+],
java technology edition [+],
java ssl [+],
java security [+],
java process [+],
java command [+],
java browser [+],
java 2 software development kit [+],
java 2 runtime environment [+],
java 2 runtime [+],
information [+],
heap memory [+],
hat [+],
font [+],
command execution [+],
bytecode [+],
browser [+],
axis [+],
awt component [+],
attack [+],
ase [+],
arbitrary code execution [+],
application programming interface [+],
apache axis [+],
apache [+],
Bugs [+],
vulnerability [+],
java software development [+],
java sandbox [+],
vulnerabilities [+],
vectors [+],
user [+],
type safety [+],
trigerring [+],
sun [+],
ssl certificate [+],
sandbox [+],
runtime environment [+],
openathens [+],
memory [+],
java release [+],
java api [+],
fuzzing [+],
flaw [+],
exploits [+],
detail analysis [+],
critical [+],
business process automation [+],
business [+],
bridge [+],
analysis [+],
code execution [+],
security [+],
remote [+],
zip [+],
world [+],
workbenches [+],
webstart [+],
weakness [+],
util [+],
true [+],
tpti [+],
top [+],
target [+],
svg [+],
super [+],
ssl certificates [+],
servers [+],
segmentation fault [+],
security weakness [+],
security java [+],
security issue [+],
sblim [+],
retired [+],
request broker architecture [+],
read [+],
proof of concept [+],
project [+],
page targets [+],
object request broker architecture [+],
object request broker [+],
object [+],
new java [+],
new [+],
native library [+],
multiple [+],
manageengine [+],
malicious java [+],
malicious [+],
machine [+],
mac browsers [+],
mac antivirus [+],
libraries [+],
java server page [+],
java server [+],
java hashmap [+],
java flaw [+],
java extensions [+],
java execution [+],
java code execution [+],
java bytecode [+],
issue [+],
hp ux [+],
hashmap [+],
hash collision [+],
hash [+],
gluegen [+],
full disclosure [+],
fix [+],
execution [+],
environment [+],
eduserv [+],
dsa [+],
dmtf standards [+],
disguised [+],
directory traversal vulnerability [+],
dimitri [+],
deviceexpert [+],
development [+],
crooks [+],
critical security [+],
controversial [+],
collision [+],
bringing [+],
bit microcontrollers [+],
beefs [+],
beans [+],
backdoor [+],
avira [+],
arm devices [+],
arbitrary code [+],
apple quicktime [+],
apple issues [+],
apple beefs [+],
apple banishes [+],
again [+],
advance notification [+],
Software [+],
ARM [+],
1 billion [+],
openjdk [+],
cve [+],
information disclosure vulnerability [+],
software development kit [+],
security advisory [+],
mac os [+],
apple security [+],
update [+],
mac os x [+],
bugtraq [+],
zero [+],
applet [+],
zorg,
zend,
zdi,
xml parser,
xml file,
xml,
webclient service,
webapps,
web server version,
web server admin,
web frameworks,
web attacks,
web application framework,
vulns,
vulnerability sun,
vuln,
video,
version 6,
version,
validation,
usa,
urlconnection,
url,
updates,
txt,
traversal,
toolkit,
tool,
tomcat java,
tomcat,
testing,
technology class,
tcp,
tavis ormandy,
tavis,
targets,
target host,
talk,
tackles,
system directory,
system communications,
system,
svn,
sunjava,
sun microsystems inc,
sun microsystems,
sun java jdk,
sun java,
stephen fewer,
stephen de vries,
standard,
stack buffer,
srtp,
song lyrics site,
song,
something,
smart cards,
siteerror,
signature verification,
side,
shell,
service,
server vulnerability,
server versions,
server ldap,
server java,
server authentication,
server api,
server,
serious,
serialized,
sequence description,
security weaknesses,
security vulnerability,
security permissions,
security holes,
security authors,
security assessments,
security assessment,
secsigner,
seccommerce,
script engine,
scalable java,
safer use,
s system,
runtimes,
ruby,
robert jason,
rmi server,
rmi registry,
rmi connection,
rmi,
rjb,
rhino,
remote exploit,
remote buffer overflow,
readmabcurvedata,
quiet business,
protocol implementation,
profile sequence,
privilege escalation vulnerability,
private fields,
pre,
poc,
plugs,
pkcs,
penetration,
paper,
ormandy,
opensc,
openid,
open source implementation,
object serialization,
ntlm authentication,
ntlm,
november,
network node manager,
neat piece,
national id cards,
most,
mixin,
miniature,
mini web server,
mini,
milking,
midi stream,
method parameters,
meta,
mayhem,
marc schoenefeld,
mandriva,
malware,
malicious attacker,
malaysia,
mac osx,
mac linux,
mac,
local security,
local,
linux windows,
linux security,
linux,
kit,
kevin spett,
jre java,
jre,
jpeg decoder,
joystick,
joshua drake tags,
jfilechooser,
jdk java,
jdk,
javatest,
javasnoop,
javascript,
java web server,
java web,
java update,
java system,
java shell,
java serialization,
java security manager,
java runtime,
java rmi,
java plugin,
java plug,
java library,
java jfilechooser,
java gui,
java frameworks,
java event,
java developer kit,
java deployment,
java decompilation,
java db,
java client server,
java card applets,
java card,
java bug,
java authors,
java applet version,
java applet tag,
java applet source,
java app,
java 2d,
jar archive,
jar,
jadarg crash,
jad java decompiler,
jad,
interception proxies,
interactive shell,
integer overflow vulnerability,
integer overflow,
integer,
implementation,
image processing library,
icedtea web,
icedtea,
icc,
http,
hpsbux,
hpsbma,
hotspot,
host ip address,
horse,
hook code,
hole,
heap allocation,
hacks,
hack in the box,
gui,
google,
format string,
force,
file upload,
exposes,
exploitation techniques,
exploit,
emergency patch,
emergency,
dopo,
dll loading,
dll,
directory server,
directory,
deployment,
dependent parameters,
default,
decompression code,
decompiler class,
decompiler,
decompilation,
database java,
database,
data,
darknet,
daniel grzelak,
dangerous web,
d vulnerability,
custom encryption,
cryptographic provider,
cryptographic,
cross site scripting,
critical flaws,
crash,
corruption,
configuration tool,
communications express,
communication protocol,
command line parameters,
com,
cmm,
client server applications,
client server application,
client,
classpath,
class stack,
card,
byte streams,
business march,
bulletin,
bug,
buffer overflow vulnerability,
buffer,
brute force,
bruce potter,
browser user,
browser policies,
bridge results,
bridge design,
brent baldwin robert jason tags,
blackberry,
black hat,
beast,
basicserviceimpl,
based buffer overflow,
baldwin,
authors,
authentication,
attribute,
asia,
arithmetic operation,
arduino,
arbitrary command,
applet tag,
applet source code,
apache tomcat,
analog joystick,
alarmpoint,
adobe,
administrative interface,
activex plugin,
activex,
abu dhabi,
Supporto,
Final,
ExploitsVulnerabilities,
Countermeasures,
BackTrack
Skip to page:
1
2
3
...
5
-
-
16:00
»
SecuriTeam
Java AtomicReferenceArray suffers from type violation vulnerability.
-
-
12:15
»
Packet Storm Security Recent Files
Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binaries applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks and to present the debugging library which is currently developed by High-Tech Bridge to help building in-memory fuzzers.
-
12:15
»
Packet Storm Security Misc. Files
Nowadays, a wide range of techniques can be used to find vulnerabilities and bugs in binaries applications. The aim of this paper is to introduce the main concepts of In-Memory Fuzzing, to summarize its advantages and drawbacks and to present the debugging library which is currently developed by High-Tech Bridge to help building in-memory fuzzers.
-
-
16:00
»
SecuriTeam
Apache Axis and Axis2/Java are prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server.
-
-
16:00
»
SecuriTeam
OpenAthens SP for Java is prone to a security-bypass vulnerability.
-
-
16:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
8:21
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
8:21
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
8:21
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1485-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
-
16:00
»
SecuriTeam
IBM Java is prone to multiple remote code-execution vulnerabilities in Java Runtime Environment.
-
-
23:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1467-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:06
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1467-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:06
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1467-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1466-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1466-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1466-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1465-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1465-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
23:05
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1465-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
-
17:12
»
Packet Storm Security Exploits
This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
-
17:12
»
Packet Storm Security Recent Files
This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
-
17:12
»
Packet Storm Security Misc. Files
This Metasploit module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
-
-
16:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
16:00
»
SecuriTeam
HP-UX Running Java, is prone to a Remote Execution of Arbitrary Code Vulnerability.
-
-
8:44
»
Packet Storm Security Advisories
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
8:44
»
Packet Storm Security Recent Files
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
8:44
»
Packet Storm Security Misc. Files
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
8:28
»
Packet Storm Security Advisories
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
8:28
»
Packet Storm Security Recent Files
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
8:28
»
Packet Storm Security Misc. Files
The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
-
-
16:44
»
Packet Storm Security Advisories
On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.
-
16:44
»
Packet Storm Security Recent Files
On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.
-
16:44
»
Packet Storm Security Misc. Files
On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.
-
17:00
»
SecuriTeam
This allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
-
15:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1392-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
15:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1392-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
15:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1392-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
15:02
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1391-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
15:02
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1391-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
15:02
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1391-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
-
-
23:07
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1385-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
-
23:07
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1385-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
-
23:07
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1384-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
-
23:07
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1384-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
-
23:07
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1384-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the Scripting, JMX, Concurrency, Libraries, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
-
23:07
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1386-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.
-
23:07
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1386-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.
-
23:07
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1386-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans, Libraries, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. The default Java security properties configuration did not restrict access to certain com.sun.org.glassfish packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. This update lists those packages as restricted.
-
17:00
»
SecuriTeam
This allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
-
-
12:22
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-10-16-1 - Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37.
-
12:22
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-10-16-1 - Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37.
-
-
8:00
»
Hack a Day
[Dimitri] sent in a project he’s been working on that implements a Java Virtual Machine purely in C, and is easily portable between microcontrollers such as the AVRs and PICs we normally see, ARM devices, and even the lowly 386. Before going into the ‘how’, [Dimitri] first covers why he wanted to run Java bytecode [...]
-
-
7:01
»
Hack a Day
C is a beautiful language perfectly suited for development on low-power devices such as the 8-bit microcontrollers. With newer, more powerful ARM microcontrollers making their way onto the market and workbenches around the world, it was only fitting that Oracle got in on the action. They released a version of Java targeted at these newer, more powerful [...]
-
-
20:12
»
Packet Storm Security Advisories
Team SHATTER Security Advisory - It is possible to execute Operating System commands using the Java call Runtime.getRuntime().exec() in Sybase ASE versions 15.0, 15.5, and 15.7.
-
20:12
»
Packet Storm Security Recent Files
Team SHATTER Security Advisory - It is possible to execute Operating System commands using the Java call Runtime.getRuntime().exec() in Sybase ASE versions 15.0, 15.5, and 15.7.
-
20:12
»
Packet Storm Security Misc. Files
Team SHATTER Security Advisory - It is possible to execute Operating System commands using the Java call Runtime.getRuntime().exec() in Sybase ASE versions 15.0, 15.5, and 15.7.
-
-
20:01
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1332-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
20:01
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1332-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
20:01
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1332-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
5:22
»
Packet Storm Security Advisories
Security Explorations has announced that they have discovered yet another sandbox bypass of Oracle Java and have reported little in the way of details until the vendor fixes the issue. It currently affects all versions of Java. It's probably best to just keep Java off in your browser for now.
-
5:22
»
Packet Storm Security Recent Files
Security Explorations has announced that they have discovered yet another sandbox bypass of Oracle Java and have reported little in the way of details until the vendor fixes the issue. It currently affects all versions of Java. It's probably best to just keep Java off in your browser for now.
-
5:22
»
Packet Storm Security Misc. Files
Security Explorations has announced that they have discovered yet another sandbox bypass of Oracle Java and have reported little in the way of details until the vendor fixes the issue. It currently affects all versions of Java. It's probably best to just keep Java off in your browser for now.
-
-
19:00
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1295-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
-
19:00
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1295-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
-
0:23
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1289-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
0:23
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1289-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
0:23
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1289-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
-
13:08
»
Packet Storm Security Advisories
Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
-
13:08
»
Packet Storm Security Recent Files
Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
-
13:08
»
Packet Storm Security Misc. Files
Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
-
-
22:52
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
-
22:52
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
-
22:52
»
Packet Storm Security Misc. Files
Mandriva Linux Security Advisory 2012-150 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited. Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. The updated packages provides icedtea6-1.11.4 which is not vulnerable to these issues.
-
-
19:11
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1245-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
19:11
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1245-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
19:11
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1245-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
19:11
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1243-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
19:11
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1243-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
19:11
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1243-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
-
20:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1238-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
20:06
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1238-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
20:06
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1238-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
-
-
19:37
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1225-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled.
-
19:37
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1225-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled.
-
19:37
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1225-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. Red Hat is aware that a public exploit for CVE-2012-4681 is available that executes code without user interaction when a user visits a malicious web page using a browser with the Oracle Java 7 web browser plug-in enabled.
-
-
17:06
»
Packet Storm Security Advisories
Ubuntu Security Notice 1553-1 - It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions. Various other issues were also addressed.
-
17:06
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1553-1 - It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions. Various other issues were also addressed.
-
17:06
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1553-1 - It was discovered that the Beans component in OpenJDK 6 did not properly prevent access to restricted classes. A remote attacker could use this to create an untrusted Java applet or application that would bypass Java sandbox restrictions. It was discovered that functionality in the AWT component in OpenJDK 6 made it easier for a remote attacker, in conjunction with other vulnerabilities, to bypass Java sandbox restrictions. Various other issues were also addressed.
-
17:06
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1223-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:06
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1223-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:06
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1223-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple improper permission check issues were discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1221-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1221-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1221-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1222-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1222-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
17:05
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1222-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that the Beans component in OpenJDK did not perform permission checks properly. An untrusted Java application or applet could use this flaw to use classes from restricted packages, allowing it to bypass Java sandbox restrictions. A hardening fix was applied to the AWT component in OpenJDK, removing functionality from the restricted SunToolkit class that was used in combination with other flaws to bypass Java sandbox restrictions.
-
-
20:51
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point. Our module has been successfully tested on multiple setups, including: IE, Firefox, Chrome and Safari on Windows, Linux and OS X, etc.
-
20:51
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point. Our module has been successfully tested on multiple setups, including: IE, Firefox, Chrome and Safari on Windows, Linux and OS X, etc.
-
20:51
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in Java 7, which allows an attacker to run arbitrary Java code outside the sandbox. The vulnerability seems to be related to the use of the newly introduced ClassFinder#resolveClass in Java 7, which allows the sun.awt.SunToolkit class to be loaded and modified. Please note this flaw is also being exploited in the wild, and there is no patch from Oracle at this point. Our module has been successfully tested on multiple setups, including: IE, Firefox, Chrome and Safari on Windows, Linux and OS X, etc.
-
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
17:00
»
SecuriTeam
Oracle Java SE is prone to is prone to a remote code-execution vulnerability.
-
-
16:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
16:59
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
16:59
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
-
-
16:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
16:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
16:57
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
-
19:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
-
-
6:58
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
-
6:58
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
-
6:58
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
-
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
17:00
»
SecuriTeam
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment.
-
-
15:14
»
SecDocs
Authors:
Peter Molnar Roland Lezuo Tags:
Java Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.
-
15:14
»
SecDocs
Authors:
Peter Molnar Roland Lezuo Tags:
Java Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.
-
15:14
»
SecDocs
Authors:
Peter Molnar Roland Lezuo Tags:
Java Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.
-
15:14
»
SecDocs
Authors:
Peter Molnar Roland Lezuo Tags:
Java Event:
Chaos Communication Congress 24th (24C3) 2007 Abstract: We will present state of the art JIT compiler design based on CACAO, a GPL licensed multiplatform Java VM. After explaining the basics of code generation, we will focus on "problematic" instructions, and point to possible ways to exploit stuff. A short introduction into just-in-time compiler techniques is given: Why JIT, about compiler invocation, runtime code modification using signals, codegeneration. Then theoretical attack vectors are elaborated: language bugs, intermediate representation quirks and assembler instruction inadequacies. With these considerations in mind the results of a CACAO code review are presented. For each vulnerability possible exploits are discussed and two realized exploits are demonstrated.
-
-
21:38
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
-
21:38
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
-
7:26
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
7:26
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1009-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
7:25
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1019-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit.
-
7:25
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1019-01 - The Oracle Java 7 release includes the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit. This update fixes several vulnerabilities in the Oracle Java 7 Runtime Environment and the Oracle Java 7 Software Development Kit.
-
7:24
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0987-04 - The SBLIM CIM Client is a class library for Java applications that provides access to CIM servers using the CIM Operations over HTTP protocol defined by the DMTF standards. It was found that the Java HashMap implementation was susceptible to predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A specially-crafted CIM-XML message from a WBEM server could cause a SBLIM client to use an excessive amount of CPU. Randomization has been added to help avoid collisions.
-
-
16:29
»
Packet Storm Security Advisories
Apple Security Advisory 2012-06-12-1 - Multiple vulnerabilities exist in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_33.
-
15:56
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0734-01 - The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit.
-
15:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0730-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
15:55
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0729-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that the SynthLookAndFeel class from Swing did not properly prevent access to certain UI elements from outside the current application context. A malicious Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions.
-
-
16:51
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenAL (JOAL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE installs and as such are downloaded and run without user interaction. Crafted Java applets can reach a call to 'dispatch_alDeleteBuffers1' that takes a user controllable int and uses it as a function pointer. This can lead to remote code execution under the context of the current process.
-
16:51
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-083 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenAL (JOAL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE installs and as such are downloaded and run without user interaction. Crafted Java applets can reach a call to 'dispatch_alDeleteBuffers1' that takes a user controllable int and uses it as a function pointer. This can lead to remote code execution under the context of the current process.
-
16:51
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenGL (JOGL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE install and as such is downloaded and run without user interaction. Crafted Java applets can reach a call to 'LoadLibraryA' in the JOGL library that allow remote .dll files to be loaded into the JRE process. This can lead to remote code execution under the context of the current process.
-
16:51
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-082 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenGL (JOGL) library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE install and as such is downloaded and run without user interaction. Crafted Java applets can reach a call to 'LoadLibraryA' in the JOGL library that allow remote .dll files to be loaded into the JRE process. This can lead to remote code execution under the context of the current process.
-
16:41
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-081 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java GlueGen library. This library is not installed by default with Java, but it is available as a signed .jar package. The affected jar files are signed with a certificate that is trusted by default JRE installs and as such are downloaded and run without user interaction. Crafted Java applets can reach a call to 'openLibraryGlobal' in the GlueGen library that allow remote .dll files to be loaded into the JRE process. This can lead to remote code execution under the context of the current process.
-
-
16:42
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0702-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
16:42
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0702-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
16:42
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0702-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
-
19:09
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0514-01 - The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit.
-
19:09
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0514-01 - The IBM Java SE version 6 release includes the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 6 Runtime Environment and the IBM Java 6 Software Development Kit.
-
-
13:54
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
-
13:54
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
-
13:54
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0508-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
-
-
15:07
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
15:07
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-12-1 - Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 is now available. As a security hardening measure, the Java browser plugin and Java Web Start are deactivated if they are unused for 35 days. Installing this update will automatically deactivate the Java browser plugin and Java Web Start. Users may re-enable Java if they encounter Java applets on a web page or Java Web Start applications.
-
-
18:14
»
Packet Storm Security Advisories
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Recent Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
18:14
»
Packet Storm Security Misc. Files
Apple Security Advisory 2012-04-03-1 - Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available. It addresses multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox.
-
-
16:55
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
-
16:55
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability due to the fact that AtomicReferenceArray uses the Unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.
-
-
8:04
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0343-01 - The IBM 1.4.2 SR13-FP11 Java release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
-
-
22:12
»
Packet Storm Security Exploits
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
-
22:12
»
Packet Storm Security Recent Files
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
-
22:12
»
Packet Storm Security Misc. Files
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The arguments passed to Java Web Start are not properly validated, allowing injection of arbitrary arguments to the JVM. By utilizing the lesser known -J option, an attacker can take advantage of the -XXaltjvm option, as discussed previously by Ruben Santamarta. This method allows an attacker to execute arbitrary code in the context of an unsuspecting browser user. In order for this module to work, it must be ran as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled.
-
-
21:32
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
-
21:32
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
-
21:32
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
-
21:30
»
Packet Storm Security Advisories
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
21:30
»
Packet Storm Security Recent Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
21:30
»
Packet Storm Security Misc. Files
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
-
-
18:10
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
-
18:10
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
-
18:10
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
-
-
19:27
»
Packet Storm Security Exploits
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.
-
19:27
»
Packet Storm Security Recent Files
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.
-
19:27
»
Packet Storm Security Misc. Files
This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.
-
18:37
»
Packet Storm Security Advisories
PRE-CERT Security Advisory - The function countCENHeaders() in zip_util.c of the java.util.zip implementation contains an off-by-one bug. The bug can be exploited via corrupted ZIP files to cause an endless recursion. The endless recursion results in a segmentation fault of the JVM. Oracle Java SE and IcedTea6 have multiple affected versions.
Skip to page:
1
2
3
...
5
0day.today (was: 1337day, Inj3ct0r, 1337db) (159 unread)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution