392 matches found

Packet Storm
added 2013/01/23 12:0 a.m., 50 views

Java Applet AverageRangeStatisticImpl Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

10 CVSS, 0.2 AI score, 0.91438 EPSS
Exploits: 18

Metasploit
added 2013/01/17 8:14 p.m., 41 views

Java Applet Method Handle Remote Code Execution

This module abuses the Method Handle class from a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects Java version 7u7 and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

10 CVSS, 1 AI score, 0.81791 EPSS
Exploits: 6

Packet Storm
added 2013/01/11 12:0 a.m., 57 views

Java Applet JMX Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

10 CVSS, 0.1 AI score, 0.93614 EPSS
Exploits: 38

Metasploit
added 2013/01/10 7:30 p.m., 85 views

Java Applet JMX Remote Code Execution

This module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in January of 2013. The vulnerability affects Java version 7u10 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8 CVSS, 0.7 AI score, 0.93614 EPSS
Exploits: 38

Kitploit
added 2012/12/17 3:25 p.m., 13 views

[SET] Social-Engineer Toolkit v4.3 "Turbulence"

The Social-Engineer Toolkit SET v4.3 has been released today! This version is over two solid months of development and has over 60 new features, additions, fixes, and enhancements. Most notably is the new payload selection called “Multi-pyInjector”. Multi-pyInjector allows you to inject as many...

7.2 AI score
Exploits: 0

Check Point Advisories
added 2012/12/02 12:0 a.m., 5 views

Java Applet JAX-WS Remote Code Execution (CVE-2012-5076)

A security bypass vulnerability has been reported in Java Runtime Environment JRE...

8.8 AI score, 0.91438 EPSS
Exploits: 18

Exploit DB
added 2012/11/13 12:0 a.m., 105 views

Java Applet - JAX-WS Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

9.6 AI score
Exploits: 0

Check Point Advisories
added 2012/10/28 12:0 a.m., 6 views

Oracle Java Runtime Bytecode Verifier Cache Code Execution (CVE-2012-1723)

An input validation error vulnerability has been reported in Oracle Java Runtime JRE. The vulnerability is due to a type confusion error. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page containing a Java applet or running a Java Archive JAR...

10 CVSS, 8.7 AI score, 0.94083 EPSS
Exploits: 9

Tenable Nessus
added 2012/10/17 12:0 a.m., 58 views

Mac OS X : Java for Mac OS X 10.6 Update 11

The remote Mac OS X host has a version of Java for Mac OS X 10.6 that is missing Update 11, which updates the Java version to 1.6.037. It is, therefore, affected by several security vulnerabilities, the most serious of which may allow an untrusted Java applet to execute arbitrary code with the...

10 CVSS, 8.1 AI score, 0.757 EPSS
Exploits: 5, References: 23

ThreatPost
added 2012/08/24 2:57 p.m., 41 views

The Rise of Cross-Platform Malware

For most of the recorded history of malware, viruses, Trojans and other malicious software have been specialists. Each piece of malware typically targeted one platform, be it Windows, OS X or now, one of the mobile platforms. But the last few months have seen the rise of cross-platform malware th...

10 CVSS, 1.3 AI score, 0.92545 EPSS
Exploits: 13, References: 6

NVD
added 2012/08/07 9:55 p.m., 18 views

CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5 CVSS, 9.3 AI score, 0.0278 EPSS
Exploits: 1, References: 18

OSV
added 2012/08/07 9:55 p.m., 0 views

DEBIAN-CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5 CVSS, 7.7 AI score, 0.0278 EPSS
Exploits: 1, References: 1

OSV
added 2012/08/07 9:55 p.m., 8 views

CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.6 AI score
Exploits: 0, References: 20

Prion
added 2012/08/07 9:55 p.m., 15 views

Code injection

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5 CVSS, 9.4 AI score, 0.0278 EPSS
Exploits: 1, References: 18, Affected Software: 1

Cvelist
added 2012/08/07 9:0 p.m., 23 views

CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

9.4 AI score, 0.0278 EPSS
Exploits: 1, References: 18

CVE
added 2012/08/07 9:0 p.m., 61 views

CVE-2012-3423

Summary (CVE-2012-3423) : The IcedTea-Web plugin (before 1.2.1) mishandles NPVariant NPStrings that are not NUL-terminated, enabling a remote attacker to crash the browser, potentially disclose memory and/or execute arbitrary code via a crafted Java applet. This is tied to IcedTea-Web’s NPString ...

7.5 CVSS, 9.3 AI score, 0.0278 EPSS
Exploits: 1, References: 18, Affected Software: 1

Debian CVE
added 2012/08/07 9:0 p.m., 21 views

CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5 CVSS, 7.5 AI score, 0.0278 EPSS
Exploits: 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 9 views

Scientific Linux Security Update : firefox on SL4.x, SL5.x, SL6.x i386/x86_64

This erratum blacklists a small number of HTTPS certificates. BZ689430 These updated firefox packages also fixes the following bug : - Prior to this update, some Java applets would fail to load in the 3.6.14 version of Firefox. In this newly-released version Firefox 3.6.15, Java applets no longer...

5.5 AI score
Exploits: 0, References: 5

UbuntuCve
added 2012/07/31 12:0 a.m., 19 views

CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5 CVSS, 6.1 AI score, 0.0278 EPSS
Exploits: 1, References: 3

The Hacker News
added 2012/07/12 6:40 p.m., 8 views

Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !

Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and...

7.1 AI score
Exploits: 0