CVSS: 7.5EPSS: 6%CPEs: 64EXPL: 0CVE-2007-5273 – Anti-DNS Pinning and Java Applets with HTTP proxy
https://notcve.org/view.php?id=CVE-2007-5273
08 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a differe... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •
CVSS: 7.5EPSS: 4%CPEs: 69EXPL: 0CVE-2007-5274 – Anti-DNS Pinning and Java Applets with Opera and Firefox
https://notcve.org/view.php?id=CVE-2007-5274
08 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution ... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2007-5236
https://notcve.org/view.php?id=CVE-2007-5236
06 Oct 2007 — Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. Java Web Start en Sun JDK y JRE 5.0 Update 12 y anteriores, y SDK y JRE 1.4.2_15 y anteriores, sobre Windows no hace cumplir de forma adecuada las restricciones de acceso para aplicaciones no válidas, lo cual permite a atacantes remot... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 64EXPL: 0CVE-2007-5238 – Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache
https://notcve.org/view.php?id=CVE-2007-5238
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Java Web Start en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 yearlier, y SDK y JRE 1.4.2_15 y anteriores no hace ... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 64EXPL: 0CVE-2007-5239 – Untrusted Application or Applet May Move or Copy Arbitrary Files
https://notcve.org/view.php?id=CVE-2007-5239
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. Java Web Start en Sun JDK y JR... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 64EXPL: 0CVE-2007-5240 – Applets or Applications are allowed to display an oversized window
https://notcve.org/view.php?id=CVE-2007-5240
06 Oct 2007 — Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. Vulnerabilidad de truncamiento visual en Java Runtime Environment en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 hasta la 12 y anteriores, SDK y J... • http://dev2dev.bea.com/pub/advisory/272 •
CVSS: 7.5EPSS: 15%CPEs: 64EXPL: 0CVE-2007-5232 – Security Vulnerability in Java Runtime Environment With Applet Caching
https://notcve.org/view.php?id=CVE-2007-5232
05 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, ... • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 •
CVSS: 9.8EPSS: 20%CPEs: 3EXPL: 1CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
17 Aug 2007 — Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos ... • https://www.exploit-db.com/exploits/30502 •
CVSS: 9.1EPSS: 3%CPEs: 5EXPL: 0CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
21 Jul 2007 — Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores ,... • http://dev2dev.bea.com/pub/advisory/248 •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •