1467 matches found

Prion
added 2013/07/10 3:46 a.m., 17 views

Authorization

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka...

9.3 CVSS, 8.1 AI score, 0.07064 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2013/07/10 3:46 a.m., 15 views

Design/Logic Flaw

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method...

9.3 CVSS, 8.4 AI score, 0.0861 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2013/07/10 1:0 a.m., 63 views

CVE-2013-3132

The CVE-2013-3132 issue affects Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5. It stems from improper permission checks for objects that use reflection, allowing remote code execution when a user opens a crafted XBAP or a crafted .NET Framework application. T...

9.3 CVSS, 7.6 AI score, 0.07064 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2013/07/10 1:0 a.m., 74 views

CVE-2013-3133

Microsoft .NET Framework CVE-2013-3133 affects multiple runtimes (2.0 SP2, 3.5, 3.5.1, 4, 4.5). The root cause is improper permission checks on objects that use reflection, enabling remote code execution via a crafted XBAP or a crafted .NET Framework application (anonymous method injection). Conn...

9.3 CVSS, 7.9 AI score, 0.0861 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2013/07/10 1:0 a.m., 20 views

CVE-2013-3132

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka...

7.4 AI score, 0.07064 EPSS
Exploits: 0, References: 3
Cvelist
added 2013/07/10 1:0 a.m., 19 views

CVE-2013-3133

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method...

7.7 AI score, 0.0861 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2013/07/10 12:0 a.m., 107 views

MS13-052: Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

The version of the .NET Framework installed on the remote host is reportedly affected by the following vulnerabilities: - A vulnerability exists in the way that affected components handle specially crafted TrueType font files that could lead to remote code execution. An attacker could leverage...

9.3 CVSS, 6.5 AI score, 0.5895 EPSS
Exploits: 0, References: 8
OpenVAS
added 2013/07/10 12:0 a.m., 43 views

Microsoft .NET Framework Multiple Vulnerabilities (2861561)

This host is missing an important security update according to Microsoft Bulletin MS13-052. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS, 4.9 AI score, 0.57687 EPSS
Exploits: 0, References: 8
ThreatPost
added 2013/06/06 8:0 a.m., 12 views

Oracle's Java Security Plans Don't Address Sandbox Flaws

For all of Oracle’s bluster last Thursday about Java security enhancements, next to nothing was said about the real issue behind months of misery this year: the Java sandbox. Oracle broke its radio silence late last week with an out-of-the-blue blogpost full of promises about getting Java right...

7.3 AI score
Exploits: 0, References: 9
The Hacker News
added 2013/05/31 6:4 p.m., 9 views

Massive 167Gbps DDoS attacks against Banking and Financial Institutions

DDoS attackers attempted to bring down banking services earlier this week in one of the largest distributed denial-of-service attacks, using the DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced that it has successfully...

6.6 AI score
Exploits: 0
The Hacker News
added 2013/05/31 7:4 a.m., 14 views

Massive 167Gbps DDoS attacks against Banking and Financial Institutions

DDoS attackers attempted to bring down banking services earlier this week in one of the largest distributed denial-of-service attacks, using the DNS reflection technique. Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced that it has successfully...

6.6 AI score
Exploits: 0
The Hacker News
added 2013/05/21 5:14 p.m., 9 views

FBI sponsored Ragebooter DDoS attack service

A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but websites sponsored by law enforcement are another story altogether. Ragebooter is one of many sites that accepts...

6.7 AI score
Exploits: 0
The Hacker News
added 2013/05/21 6:14 a.m., 22 views

FBI sponsored Ragebooter DDoS attack service

A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but websites sponsored by law enforcement are another story altogether. Ragebooter is one of many sites that accepts...

6.7 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 48 views

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

Hello All, Security Explorations discovered 7 additional security issues (62-68) in the latest version of IBM SDK, Java Technology Edition software [1]. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...

1 AI score
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m., 55 views

[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE

Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can b...

0.3 AI score
Exploits: 0
Check Point Advisories
added 2013/04/28 12:0 a.m., 5 views

Java Applet Reflection Type Confusion Remote Code Execution (CVE-2013-2423)

An unknown vulnerability has been reported in Java Runtime Environment. The vulnerability is due to unknown vectors related to HotSpot. A remote attacker can exploit this issue by enticing a target user to view a specially crafted web page...

4.3 CVSS, 8.7 AI score, 0.93397 EPSS
Exploits: 6
seebug.org
added 2013/04/24 12:0 a.m., 15 views

Java Applet Reflection Type Confusion Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

7.1 AI score
Exploits: 0
seebug.org
added 2013/04/24 12:0 a.m., 20 views

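Oracle Java Runtime Environment 'Reflection API' Arbitrary Code Execution Vulnerability

Oracle Java Runtime Environment is a solution that provides a reliable runtime environment for Java applications. Oracle Java SE 7, including the recently released 1.7.021-b11, contains a security vulnerability that allows remote attackers to bypass the Java security sandbox and execute arbitrary code in the context of the web browser. Successful exploitation requires some user interaction, such as the user accepting the risk of running a potentially malicious Java application when a security warning window is displayed. According to the researcher, this vulnerability also affects Server JRE 7. 0 Oracle Java SE 7 and earlier versions. Vendor solution: no detailed solution is currently available: http://www.oracle.com...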

6.9 AI score
Exploits: 0
seebug.org
added 2013/04/24 12:0 a.m., 29 views

Java 1.7.0_21-b11 Code Execution

No description provided by source. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper use...

7.1 AI score
Exploits: 0
The Hacker News
added 2013/04/23 8:8 p.m., 7 views

Unfixed Reflection API vulnerability reported in Java

Founder and CEO of Security Explorations of Poland, Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipp...

6.8 AI score
Exploits: 0