Code injection

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

CVE-2019-10245

CVE-2019-10245 affects Eclipse OpenJ9 where the Java bytecode verifier could allow a method to run past the end of a bytecode array, potentially crashing the JVM. The issue is fixed in OpenJ9 release 0.14.0 and later, which correctly rejects the problematic class load. Public references in the pr...

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

50m-ctf: `Cody trolled us all` h1-702 CTF write-up

Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...

RHEL 7 : groovy (RHSA-2017:2486)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2486 advisory. Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby,...

custom-bytecode-analyzer - Java bytecode analyzer customizable via JSON rules

Java bytecode analyzer customizable via JSON rules. It is a command-line tool that receives a path containing one or more Jar files, analyzes them using the provided rules and generates HTML reports with the results. Usage usage: java -jar cba-cli.jar OPTIONS -a DIRECTORYTOANALYZE -a,--analyze Pa...

JReFrameworker - Practical Managed Code Rootkits for Java

This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any modification task, however the tool falls short in...

Symantec Java! JustInTime Compiler 210.65 Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6222/info A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java bytecode. If a malicous applet ...

jdwp-exec NSE Script

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output. The...

CVE-1999-0141

CVE-1999-0141 concerns the Java Bytecode Verifier, where the verifier as implemented in the Java runtime allows malicious applets to execute arbitrary commands with the permissions of the applet user. The provided sources reiterate this description but do not specify affected products/versions, r...

CVE-1999-0141

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet...

CVE-1999-0141

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet...