CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2906
https://notcve.org/view.php?id=CVE-2007-2906
Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a denial of service (browser crash) via a Thread subclass that calls super.run from its run method. Java Embedding Plugin 0.9.6.1 permite a atacantes remotos provocar una denegación de servicio (caída de navegador) mediante una subclase de Thread que invoca super.run desde su método run. • http://osvdb.org/40925 http://sourceforge.net/project/shownotes.php?group_id=107955&release_id=501861 •
CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2007-2904
https://notcve.org/view.php?id=CVE-2007-2904
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Messaging Server 6.0 hasta 6.3, cuando se usa Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados, posiblemente un problema relacionado con CVE-2006-5653. • http://osvdb.org/38146 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1 http://www.securitytracker.com/id?1018106 •
CVSS: 10.0EPSS: 71%CPEs: 1EXPL: 0CVE-2007-2881
https://notcve.org/view.php?id=CVE-2007-2881
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation. Múltiples desbordamientos de búfer basado en pila en el soporte de proxy SOCKS (sockd) en Sun Java Web Proxy Server anterior a 4.0.5 permite a atacantes remotos ejecutar código de su elección mediante paquetes manipulados durante la negociación del protocolo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536 http://osvdb.org/35841 http://secunia.com/advisories/25405 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1 http://www.kb.cert.org/vuls/id/746889 http://www.securityfocus.com/bid/24165 http://www.securitytracker.com/id?1018130 http://www.vupen.com/english/advisories/2007/1957 https://exchange.xforce.ibmcloud.com/vulnerabilities/34524 •
CVSS: 7.8EPSS: 6%CPEs: 6EXPL: 0CVE-2007-2466
https://notcve.org/view.php?id=CVE-2007-2466
Unspecified vulnerability in the LDAP Software Development Kit (SDK) for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service (crash) via certain BER encodings. Vulnerabilidad no especificada en LDAP Software Development Kit (SDK) para C, como el usado en Sun Java System Directory Server 5.2 hasta el Patch 4 y Sun ONE Directory Server 5.1, permite a atacantes remotos provocar una denegación de servicio (caída) mediante ciertas codificaciones BER. • http://osvdb.org/35743 http://secunia.com/advisories/25091 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102895-1 http://www.securityfocus.com/bid/23743 http://www.securitytracker.com/id?1017991 http://www.vupen.com/english/advisories/2007/1610 https://exchange.xforce.ibmcloud.com/vulnerabilities/34002 •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una aplicación que concede privilegios a si mismo, relacionado con "Uso incorrecto de sistemas de clases" y probablemente relacionado con el apoyo para ficheros JNLP. • http://dev2dev.bea.com/pub/advisory/241 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://osvdb.org/35483 http://secunia.com/advisories/25069 http://secunia.com/advisories/25283 http://secunia.com/advisories/25413 http://secunia.com/advisories/25474 http://secunia.com/advisories/25832 http://secunia.com/advisories/26311 http://secunia.com/advisories/26369 http://secunia.com/advisories/28 • CWE-264: Permissions, Privileges, and Access Controls •