Lucene search

1467 matches found

CVE
added 2014/03/03 2:0 a.m., 109 views

CVE-2012-6636

CVE-2012-6636 corresponds to an Android WebView issue where WebView.addJavascriptInterface is not properly restricted, allowing crafted JavaScript to invoke Java object methods via Reflection and potentially achieve remote code execution on apps targeting API level 16 or earlier. Connected docs s...

6.8 CVSS, 7.5 AI score, 0.76338 EPSS
Exploits: 8, References: 8, Affected Software: 1

Fedora
added 2014/02/22 12:56 a.m., 29 views

[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

9.8 CVSS, 0.4 AI score, 0.18767 EPSS
Exploits: 5

Metasploit
added 2014/02/13 8:19 p.m., 39 views

Android Browser and WebView addJavascriptInterface Code Execution

This module exploits a privilege escalation issue in Android 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs exposed by the Interface and...

9.3 CVSS, 7.2 AI score, 0.76381 EPSS
Exploits: 12

0day.today
added 2014/02/08 12:0 a.m., 55 views

Android Browser and WebView addJavascriptInterface Code Execution

This Metasploit module exploits a privilege escalation issue in Android versions prior to 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...

7.2 AI score
Exploits: 0

Packet Storm
added 2014/02/07 12:0 a.m., 22 views

Android Browser / WebView addJavascriptInterface Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Android", :arch = ARCHARMLE, :javascript = true, :rank = ExcellentRanking, :vulntest = %Q| for i in top try...

1 AI score
Exploits: 0

Check Point Advisories
added 2014/02/03 12:0 a.m., 7 views

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by usi...

7.5 AI score, 0.93614 EPSS
Exploits: 38

Check Point Advisories
added 2014/02/03 12:0 a.m., 1 views

Oracle Java Private MethodHandle Sandbox Bypass (CVE-2013-5893)

A sandbox bypass vulnerability exists in Oracle Java. The vulnerability is due to a failure to restrict access to private methods via reflection. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to visit a webpage containing a maliciously crafted Java applet...

6.3 AI score, 0.0698 EPSS
Exploits: 0

Mageia
added 2014/01/31 4:44 p.m., 45 views

Updated ntp packages work around security vulnerability

The "monlist" command of the NTP protocol is currently abused in a DDoS reflection attack. This is done by spoofing packets from addresses to which the attack is directed. The ntp installations themselves are not the target of the attack, but they are part of the DDoS network which the attacker is...

5 CVSS, 2 AI score, 0.92136 EPSS
Exploits: 23, References: 4

myhack58
added 2014/01/19 12:0 a.m., 17 views

iGENUS 5.0 E-mail system of some vulnerability package injection and landing, etc-vulnerability warning-the black bar safety net

When nothing download a iGENUS 5.0 look at the watch, time is tight, only to see a probably. A large number of government, schools, scientific research institutions, large companies in the use of this system. Be the first to say I use the version and environment: The entire program, n...

0.9 AI score
Exploits: 0

Check Point Advisories
added 2014/01/07 12:0 a.m., 6 views

Oracle Java MBeanInstantiator.findClass Remote Code Execution - Ver2 (CVE-2013-0422)

A code execution vulnerability has been reported in Oracle Java. The vulnerability is due to an access control failure in the com.sun.jmx.mbeanserver package and in the invokeWithArguments method of the java.lang.invoke.MethodHandle class. A remote attacker could trigger this vulnerability by usi...

10 CVSS, 7.5 AI score, 0.93614 EPSS
Exploits: 38

The Hacker News
added 2014/01/02 8:25 p.m., 173 views

Abusing Network Time Protocol (NTP) to perform massive Reflection DDoS attack

In 2013, we have seen a significant increase in the use of a specific distributed denial of service (DDoS) methodology known as Distributed Reflection Denial of Service attacks (DrDoS). Open and misconfigured DNS (Domain Name System) can be used by anyone to resolve domain names to IP addresses are...

5 CVSS, 6.4 AI score, 0.92136 EPSS
Exploits: 23

Tenable Nessus
added 2013/12/13 12:0 a.m., 44 views

Fedora 19 : php-5.5.7-1.fc19 (2013-23208)

12 Dec 2013, PHP 5.5.7 CLI server : - Added some MIME types to the CLI web server (Chris Jones) - Implemented FR 65917 (getallheaders is not supported by the built-in web server) - also implements apache_response_headers (Andrea Faulds) Core : - Fixed bug 66094 (unregister_tick_function tries to cast a...

7.5 CVSS, 7.5 AI score, 0.40224 EPSS
Exploits: 8, References: 3

Metasploit
added 2013/11/23 4:17 p.m., 97 views

Chargen Probe Utility

Chargen is a debugging and measurement tool and a character generator service. A character generator service simply sends data without regard to the input. Chargen is susceptible to spoofing the source of transmissions as well as use in a reflection attack vector. The misuse of the testing featur...

5 CVSS, 6.9 AI score, 0.45804 EPSS
Exploits: 2

RedHat Linux
added 2013/10/23 4:26 p.m., 2 views

JDK: java.lang.reflect.Method invoke() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

9.3 CVSS, 5.9 AI score, 0.08461 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2013/10/23 4:26 p.m., 4 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

10 CVSS, 7.4 AI score, 0.01037 EPSS
Exploits: 0, References: 5

The Hacker News
added 2013/10/17 5:22 p.m., 7 views

World's 3rd Largest Chinese Bitcoin exchange hit by 100Gbps DDoS attack

In March of this year, we saw the first ever 300 Gigabit DDoS attack, which was possible due to a DNS Reflection Amplification attack against Spamhaus. On 24 September World's 3rd Largest Bitcoin exchange BTC China, a platform where both Bitcoin and Chinese yuan are traded faced massive DDoS atta...

6.8 AI score
Exploits: 0

The Hacker News
added 2013/10/17 6:22 a.m., 10 views

World's 3rd Largest Chinese Bitcoin exchange hit by 100Gbps DDoS attack

In March of this year, we saw the first ever 300 Gigabit DDoS attack, which was possible due to a DNS Reflection Amplification attack against Spamhaus. On 24 September World's 3rd Largest Bitcoin exchange BTC China, a platform where both Bitcoin and Chinese yuan are traded faced massive DDoS atta...

6.8 AI score
Exploits: 0

ThreatPost
added 2013/10/16 7:41 a.m., 37 views

October 2013 Oracle Java Critical Patch Update

On Tuesday, for the first time, Java security updates were included with the quarterly Oracle Critical Patch Update – and just as quickly, Java wasted no time elevating itself as the top concern for Oracle admins and security experts. Of the 51 Java patches released, 50 allow for remote code...

10 CVSS, 0.1 AI score, 0.0777 EPSS
Exploits: 0, References: 3

ThreatPost
added 2013/07/18 12:52 p.m., 16 views

Java Reflection API Vulnerability Exploited

No Java component has had a bigger bull’s eye on its back this year than the Java Reflection API. Bug hunters and hackers alike have found a number of zero-days related to the Reflection API, most of which enable the remote execution of code outside the Java sandbox that’s supposed to prevent suc...

1.3 AI score
Exploits: 0, References: 4

NVD
added 2013/07/10 3:46 a.m., 18 views

CVE-2013-3132

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka...

9.3 CVSS, 7.5 AI score, 0.07064 EPSS
Exploits: 0, References: 3