The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address. This update only adds CVE Number.
The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.



This update adds support for Mac OS X 10.7.4 (i386).
Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.
The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server.



This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.
This module exploits a TinyWebGallery local file-include vulnerability because TinyWebGallery fails to properly sanitize user-supplied input. The module takes advantage of the logging capabilities of the attacked software to remotely execute arbitrary code.



This update fixes some issues related with an updated library.

Support for various platforms was added.
Subscribe to Windows