
1467 matches found

CVE
added 2012/09/06 10:0 a.m. | 38 views

CVE-2011-5157

CVE-2011-5157: A local untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges by placing a Trojan horse DLL in the current working directory. This is the same family as CVE-2011-0107 and is tied to Attachmate Reflection’s Windows client....

CVSS 6.9 | AI score 6.4 | EPSS 0.00053
Exploits 1 | References 4 | Affected Software 5
RedHat Linux
added 2012/09/03 12:57 p.m. | 1 views

OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVSS 10 | AI score 8 | EPSS 0.9414
Exploits 10 | References 6
ThreatPost
added 2012/08/30 6:12 p.m. | 49 views

Oracle Releases Fix For Java CVE-2012-4681 Flaw

Oracle on Thursday released a new version of Java that included a fix for the CVE-2012-4681 vulnerability that has been used in limited targeted attacks in the last couple of weeks. The release of Java 7 update 7 comes about four days after the Java flaw was publicly disclosed, but several months...

CVSS 10 | AI score 1.6 | EPSS 0.9414
Exploits 10 | References 4
ATTACKERKB
added 2012/08/28 12:55 a.m. | 58 views

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVSS 10 | AI score 9.5 | EPSS 0.9414
In wild | Exploits 10 | References 17
canvas
added 2012/08/28 12:55 a.m. | 57 views

Immunity Canvas: JAVA_FORNAME_GETFIELD

Name | javaforNamegetField
---|---
CVE | CVE-2012-4681
Exploit Pack | CANVAS
Description | Java forName/getField Method Invocation Sandbox Bypass
Notes | CVE Name: CVE-2012-4681 VENDOR: Sun Notes: There is a method invocation vulnerability using sun.awt.SunToolkit.getField This vulnerability can then ...

CVSS 10 | AI score 0.6 | EPSS 0.9414
Exploits 10
ATTACKERKB
added 2012/08/28 12:0 a.m. | 53 views

Java 7 Applet Remote Code Execution

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVSS 10 | AI score 9.7 | EPSS 0.9414
In wild | Exploits 10 | References 1
CVE
added 2012/08/28 12:0 a.m. | 1295 views

CVE-2012-4681

CVE-2012-4681 affects Oracle Java SE 7 (JRE) up to Update 6, and earlier; vulnerability chain bypasses SecurityManager via beans permission checks and restricted package access, using ClassFinder.findClass and reflection with a trusted immediate caller to reach private fields. Exploitation in the...

CVSS 10 | AI score 7.6 | EPSS 0.9414
In wild | Exploits 10 | References 14 | Affected Software 2
The Hacker News
added 2012/08/24 7:6 p.m. | 11 views

For the LULZ of it, I apologize to Lulzsec

Note: This article is cross-posted from our magazine's 13th issue (August 2012), called "BOTNET | The Hacker News Magazine", written by Ann Smith, Executive Editor, The Hacker News Magazine. You can download the full magazine free here. Shame on me. When someone mentioned Lulzsec I would slightly bristle...

AI score 6.9
Exploits 0
canvas
added 2012/06/07 10:55 p.m. | 49 views

Immunity Canvas: JAVA_ATOMICREFERENCEARRAY

Name | javaAtomicReferenceArray
---|---
CVE | CVE-2012-0507
Exploit Pack | CANVAS
Description | Java AtomicReferenceArray Type Confusion Sandbox Bypass
Notes | CVE Name: CVE-2012-0507 VENDOR: Sun Notes: There is a Type Confusion vulnerability in java.util.concurrent.atomic.AtomicReferenceArray class...

CVSS 10 | AI score 0.4 | EPSS 0.93653
Exploits 13
Zero Day Initiative
added 2012/03/20 12:0 a.m. | 23 views

Oracle Java JOGL NEWT Reflection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NEWT library due...

CVSS 9 | AI score 7.3
Exploits 0 | References 1
NVD
added 2011/12/25 1:55 a.m. | 13 views

CVE-2011-5012

Heap-based buffer overflow in the Reflection FTP Client rftpcom.dll 7.2.0.106 and possibly other versions, as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186,...

CVSS 10 | AI score 8 | EPSS 0.25941
Exploits 1 | References 9
Prion
added 2011/12/25 1:55 a.m. | 24 views

Heap overflow

Heap-based buffer overflow in the Reflection FTP Client rftpcom.dll 7.2.0.106 and possibly other versions, as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186,...

CVSS 10 | AI score 8.7 | EPSS 0.25941
Exploits 1 | References 9 | Affected Software 2
CVE
added 2011/12/25 1:0 a.m. | 50 views

CVE-2011-5012

The CVE-2011-5012 entry describes a heap-based buffer overflow in Attachmate Reflection FTP Client (rftpcom.dll, v7.2.0.106 and possibly other versions) used in Reflection products. Under a LIST response with a long directory name, remote FTP servers could trigger arbitrary code execution. Affect...

CVSS 10 | AI score 8.3 | EPSS 0.25941
Exploits 1 | References 9 | Affected Software 5
Cvelist
added 2011/12/25 1:0 a.m. | 19 views

CVE-2011-5012

Heap-based buffer overflow in the Reflection FTP Client rftpcom.dll 7.2.0.106 and possibly other versions, as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186,...

AI score 8 | EPSS 0.25941
Exploits 1 | References 9
Nmap
added 2011/12/15 6:19 a.m. | 208 views

http-unsafe-output-escaping NSE Script

Spiders a website and attempts to identify output escaping problems where content is reflected back to the user. This script locates all parameters, ?x=foo&y=bar and checks if the values are reflected on the page. If they are indeed reflected, the script will try to insert ghzhzx"zxc'xcv and chec...

CVSS 10 | EPSS 0.94176
Exploits 33
Packet Storm
added 2011/11/16 12:0 a.m. | 49 views

Attachmate Reflection FTP Client Heap Overflow

Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Timeline 3 Technical...

CVSS 6.8 | AI score 0.7 | EPSS 0.66261
Exploits 4
Exploit DB
added 2011/11/16 12:0 a.m. | 46 views

Attachmate Reflection FTP Client - Heap Overflow

Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Timeline 3 Technical...

AI score 7.4
Exploits 0
exploitpack
added 2011/11/16 12:0 a.m. | 31 views

Attachmate Reflection FTP Client - Heap Overflow

Attachmate Reflection FTP Client - Heap Overflow Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...

AI score 0.7
Exploits 0
0day.today
added 2011/11/15 12:0 a.m. | 36 views

Attachmate Reflection FTP Client Heap Overflow

Exploit for windows platform in category dos / poc Application: Attachmate Reflection FTP Client Heap Overflow Platforms: Windows Exploitation: Remote code execution CVE Number: PRL: 2011-09 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter:...

AI score 7
Exploits 0
myhack58
added 2011/09/01 12:0 a.m. | 14 views

VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net

By emptiness prodigal heart. Velocity is the most commonly used presentation-layer template in J2EE MVC architectures; because of its excellent performance, a great many J2EE applications use this template. In use it is usually bound to another framework, the most common being struts2,...

AI score 0.2
Exploits 0