Page 81 of 431 results (0.014 seconds)

CVSS: 4.0EPSS: 39%CPEs: 64EXPL: 0

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, cuando applet caching está activo, permite a atacantes remotos violar el modelo de seguridad para conexiones de salida del applet a través de un ataque de recinvulación del DNS. • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://dev2dev.bea.com/pub/advisory/272 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html htt •

CVSS: 9.3EPSS: 15%CPEs: 3EXPL: 1

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos privilegios por si mismo. • https://www.exploit-db.com/exploits/30502 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia. •

CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores , 6 hasta 6 Update 1, y SDK y JRE 1.4.2_14 y versiones anteriores, permite a atacantes remotos romper el modelo de seguridad en las conexiones salientes de un applet al conectarse a determinados servicios localhost ejecutándose en la máquina que cargó el applet. • http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/26314 http://secunia.com/advisories/26369 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27266 http://secunia.com •

CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. La implementación de Java XML Digital Signature en Sun JDK y JRE versión 6 anterior a Update 2, no procesa apropiadamente hojas de estilo XSLT en las transformaciones de XSLT en firmas XSLT, lo que permite a atacantes dependiendo del contexto ejecutar código arbitrario por medio de una hoja de estilo diseñada, un problema relacionado con CVE-2007-3715. • http://dev2dev.bea.com/pub/advisory/248 http://osvdb.org/36664 http://secunia.com/advisories/26031 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1 http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml http://www.isecpartners.com/advisories/2007-04-dsig.txt http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf http://www.securityfocus.com/archive/1/473552/100/0/thr • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 17%CPEs: 5EXPL: 0

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión 5.0 Update 11 y anteriores, y Java Web Start en SDK y JRE versión 1.4.2_13 y anteriores, para Windows, permite a atacantes remotos realizar acciones no autorizadas por medio de una aplicación que otorga privilegios de sobrescritura de archivos a sí mismo. NOTA: esto puede ser aprovechado para ejecutar código arbitrario sobrescribiendo un archivo .java.policy. • http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://osvdb.org/37755 http://secunia.com/advisories/25823 http://secunia.com/advisories/28115 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102957-1 http://www.securityfocus.com/archive/1/472673/100/0/threaded http://www.securityfocus.com/bid/24695 http://www.securitytracker.com/id?1018328 http://www.vupen.com/english/advisories/2007/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •