1467 matches found

ThreatPost
added 2013/04/23 12:37 p.m., 9 views

Sandbox-Bypass Exploits Hacks Java 7u21 Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...

AI score: 1.2
Exploits: 0, References: 3

The Hacker News
added 2013/04/23 9:8 a.m., 9 views

Unfixed Reflection API vulnerability reported in Java

Founder and CEO of Security Explorations of Poland, Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipp...

AI score: 6.8
Exploits: 0

0day.today
added 2013/04/23 12:0 a.m., 22 views

Java Applet Reflection Type Confusion Remote Code Execution

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...

AI score: 7.1
Exploits: 0

Packet Storm
added 2013/04/23 12:0 a.m., 16 views

Java Applet Reflection Type Confusion Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Exploits: 0

Exploit DB
added 2013/04/23 12:0 a.m., 40 views

Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

AI score: 7.4
Exploits: 0

securityvulns
added 2013/04/22 12:0 a.m., 65 views

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year Issues 51, 55 and 57-60. Our original vulnerability reports and Proof of Concept codes for these and some previously disclosed...

Exploits: 0

RedHat Linux
added 2013/04/18 6:18 p.m., 2 views

OpenJDK: incorrect setter access checks in MethodHandles (HotSpot, 8009677)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

CVSS: 4.3, AI score: 6.8, EPSS: 0.93397
Exploits: 6, References: 5

NVD
added 2013/04/17 6:55 p.m., 30 views

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

CVSS: 4.3, AI score: 8, EPSS: 0.93397
Exploits: 6, References: 17

Prion
added 2013/04/17 6:55 p.m., 34 views

Type confusion

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

CVSS: 4.3, AI score: 6.2, EPSS: 0.93397
Exploits: 6, References: 16, Affected Software: 2

RedHat Linux
added 2013/04/17 6:33 p.m., 3 views

OpenJDK: incorrect setter access checks in MethodHandles (HotSpot, 8009677)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

CVSS: 4.3, AI score: 6.8, EPSS: 0.93397
Exploits: 6, References: 5

Cvelist
added 2013/04/17 3:0 p.m., 37 views

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

AI score: 8.3, EPSS: 0.93397
Exploits: 6, References: 16

UbuntuCve
added 2013/04/17 12:0 a.m., 39 views

CVE-2013-2423

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented...

CVSS: 4.3, AI score: 6.9, EPSS: 0.93397
Exploits: 6, References: 4

The Hacker News
added 2013/03/29 7:56 a.m., 7 views

World's biggest DDoS attack that Almost Broke the Internet

The last week has seen probably the largest distributed denial-of-service DDoS attack ever. A massive 300Gbps was thrown against Internet blacklist maintainer Spamhaus' website but the anti-spam organisation, CloudFlare was able to recover from the attack and get its core services back up and...

AI score: 6.7
Exploits: 0

RedHat Linux
added 2013/03/11 6:48 p.m., 1 views

OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

CVSS: 10, AI score: 8, EPSS: 0.9414
Exploits: 48, References: 5

RedHat Linux
added 2013/03/11 6:48 p.m., 4 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

CVSS: 10, AI score: 7.4, EPSS: 0.01198
Exploits: 0, References: 5

RedHat Linux
added 2013/03/11 6:47 p.m., 2 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

CVSS: 10, AI score: 7.4, EPSS: 0.01198
Exploits: 0, References: 5

RedHat Linux
added 2013/03/11 6:37 p.m., 0 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

CVSS: 10, AI score: 7.4, EPSS: 0.01198
Exploits: 0, References: 5

NVD
added 2013/03/08 6:55 p.m., 24 views

CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVSS: 10, AI score: 8.6, EPSS: 0.86252
Exploits: 10, References: 22

Prion
added 2013/03/08 6:55 p.m., 27 views

Design/Logic Flaw

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

CVSS: 10, AI score: 7.2, EPSS: 0.86252
Exploits: 10, References: 22, Affected Software: 2

Cvelist
added 2013/03/08 6:0 p.m., 24 views

CVE-2013-1488

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James...

AI score: 8.9, EPSS: 0.86252
Exploits: 10, References: 22