Sun Java
VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Index
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Java is a programming language and computing platform released by
VUPEN Security Research - Sun Java JDK/JRE AWT Library Invalid Pointer
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Java is a programming language and computing platform released by
VUPEN Security Research - Sun Java JDK/JRE Unpack200 Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Java is a programming language and computing platform released by
Background
==========
The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.
Affected packages
=================
-------------------------------------------------------------------
Background
==========
The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.
Affected packages
=================
-------------------------------------------------------------------
Where: From remote
======================================================================
3) Vendor's Description of Software
"Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as today's
demanding Embedded and Real-Time environments.".
Product Link:
http://java.sun.com/javase/
Where: From remote
======================================================================
3) Vendor's Description of Software
"Java Platform, Standard Edition (Java SE) lets you develop and deploy
Java applications on desktops and servers, as well as today's
demanding Embedded and Real-Time environments.".
Product Link:
http://java.sun.com/javase/
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
=================
-------------------------------------------------------------------
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
=================
-------------------------------------------------------------------
ZDI-09-049: Sun Java Pack200 Decoding Inner Class Count Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-049
August 5, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
Hello,
I have found an HTML Injection vulnerability in Sun Java™ System Communications Express, a web client that provides an integrated web-based communication and collaboration client to the Sun Java Communications Suite. It consists of three client modules - Calendar, Address Book, and Mail.
Here is a screen-shot that demonstrates the vulnerability:
http://sosoblood.freehostia.com/SJSC/html_injection.gif
As we can see in the picture, I was able to inject some HTML and make my name in bold at the header of the page. Also, I was able to inject an image in the test message subject that I sent to myself.
One can also inject an IFRAME or any HTML tag.
ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-080
December 4, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-078
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-076
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
support version 3.0 of the browser. As a result, Ubuntu is providing an
upgrade to Firefox 3.6 for Ubuntu 8.04 LTS users, which is the most current
stable release of Firefox supported by Mozilla. When upgrading, users
should be aware of the following:
- Firefox 3.6 does not support version 5 of the Sun Java plugin. Please use
icedtea-java7-plugin or sun-java6-plugin instead.
- After upgrading to Firefox 3.6.6, users may be prompted to upgrade 3rd
party Add-Ons. In some cases, an Add-On will not be compatible with
Firefox 3.6.6 and have no update available. In these cases, Firefox will
notify the user that it is disabling the Add-On.
ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass
Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-08-081
December 4, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
I. BACKGROUND
FreeType2 is an open source library for parsing fonts that is used by
many applications. This includes projects such as X.Org, Second Life,
and the Sun Java JRE. For more information, please see the vendor's
website at the following URL.
http://freetype.sourceforge.net/freetype2/
II. DESCRIPTION
ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-043
July 17, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
http://www.sun.com/software/products/web_proxy/home_web_proxy.xml.
II. DESCRIPTION
Remote exploitation of a heap based buffer overflow in Sun Microsystems
Inc.'s Sun Java Web Proxy could allow an attacker to execute arbitrary
code.
A heap based buffer overflow exists in the handling of FTP resources.
Specifically the vulnerability resides within the code responsible for
handling HTTP GET requests.
ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-056
April 5, 2010
-- CVE ID:
CVE-2010-0840
-- Affected Vendors:
Sun Microsystems
PR08-09: Unauthenticated File Retrieval on Sun Java System Identity
Manager "ext" parameter
Date Found: 25th April 2008
Vendor Contacted: 28th April 2008
Date Public: 10th November 2008
Severity: High
ZDI-09-077: Sun Java Web Start Arbitrary Command Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-077
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
browser for a while longer. As a result, Ubuntu is providing an upgrade to
Firefox 3.6 for Ubuntu 9.04 and 9.10 users, which is the most current
stable release of Firefox supported by Mozilla. When upgrading, users
should be aware of the following:
- Firefox 3.6 does not support version 5 of the Sun Java plugin. Please use
icedtea6-plugin or sun-java6-plugin instead.
- After upgrading to Firefox 3.6.6, users may be prompted to upgrade 3rd
party Add-Ons. In some cases, an Add-On will not be compatible with
Firefox 3.6.6 and have no update available. In these cases, Firefox will
notify the user that it is disabling the Add-On.
ZDI-10-051: Sun Java Runtime RMIConnectionImpl Privileged Context Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-051
April 5, 2010
-- CVE ID:
CVE-2010-0094
-- Affected Vendors:
Sun Microsystems
ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-042
July 17, 2008
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
I. BACKGROUND
FreeType2 is an open source library for parsing fonts that is used by
many applications. This includes projects such as X.Org, Second Life,
and the Sun Java JRE. For more information, please see the vendor's
website at the following URL.
http://freetype.sourceforge.net/freetype2/
II. DESCRIPTION
I. BACKGROUND
FreeType2 is an open source library for parsing fonts that is used by
many applications. This includes projects such as X.Org, Second Life,
and the Sun Java JRE. For more information, please see the vendor's
website at the following URL.
http://freetype.sourceforge.net/freetype2/
II. DESCRIPTION
ZDI-10-055: Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-055
April 5, 2010
-- CVE ID:
CVE-2010-0095
-- Affected Vendors:
Sun Microsystems
ZDI-09-079: Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-079
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
ZDI-09-050: Sun Java Web Start JPEG Header Parsing Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-050
August 5, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime