Lucene search

964 matches found

ArchLinux | added 2016/08/05 12:0 a.m. | 59 views

jdk7-openjdk: multiple issues

CVE-2016-3458 (sandbox restriction bypass): It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

CVSS 9.3 | AI score 1 | EPSS 0.07521 | Exploits 0 | References 8

ArchLinux | added 2016/08/05 12:0 a.m. | 64 views

jre7-openjdk-headless: multiple issues

CVE-2016-3458 (sandbox restriction bypass): It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

CVSS 9.3 | AI score 1 | EPSS 0.07521 | Exploits 0 | References 8

RedHat Linux | added 2016/07/27 11:42 a.m. | 4 views

OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot...

CVSS 4.3 | AI score 7.4 | EPSS 0.01631 | Exploits 0 | References 5

RedHat Linux | added 2016/07/27 11:42 a.m. | 4 views

OpenJDK: insufficient bytecode verification (Hotspot, 8155981)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot...

CVSS 9.6 | AI score 7.4 | EPSS 0.03532 | Exploits 0 | References 5

RedHat Linux | added 2016/07/21 10:19 a.m. | 4 views

OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot...

CVSS 4.3 | AI score 7.4 | EPSS 0.01631 | Exploits 0 | References 5

RedHat Linux | added 2016/07/21 10:19 a.m. | 4 views

OpenJDK: insufficient bytecode verification (Hotspot, 8155981)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot...

CVSS 9.6 | AI score 7.4 | EPSS 0.03532 | Exploits 0 | References 5

RedHat Linux | added 2016/07/21 10:19 a.m. | 3 views

OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot...

CVSS 4.3 | AI score 7.4 | EPSS 0.01631 | Exploits 0 | References 5

RedHat Linux | added 2016/07/21 10:19 a.m. | 5 views

OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot...

CVSS 4.3 | AI score 7.4 | EPSS 0.01631 | Exploits 0 | References 5

RedHat Linux | added 2016/07/20 12:11 p.m. | 4 views

OpenJDK: integer overflows in bytecode streams (Hotspot, 8152479)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot...

CVSS 4.3 | AI score 7.4 | EPSS 0.01631 | Exploits 0 | References 5

RedHat Linux | added 2016/07/20 12:11 p.m. | 2 views

OpenJDK: insufficient bytecode verification (Hotspot, 8155981)

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot...

CVSS 9.6 | AI score 7.4 | EPSS 0.03532 | Exploits 0 | References 5

Kitploit | added 2016/07/09 7:31 p.m. | 110 views

MARA Framework - Mobile Application Reverse engineering and Analysis Framework

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task of reverse engineering and analysis easier and friendly to mobile application developers and security...

AI score 7.4 | Exploits 0 | References 5

BDU FSTEC | added 2016/07/07 12:0 a.m. | 1 views

The vulnerability of the Redis database management system allows a hacker to execute arbitrary Lua bytecode.

The vulnerability of the deps/lua/src/ldo.c component of the Redis database management system is related to incorrect data type conversion. Exploiting this vulnerability allows a malicious actor to execute any Lua bytecode using a specially crafted eval command...

CVSS 10 | AI score 6.3 | EPSS 0.08757 | Exploits 2 | References 8 | Affected Software 1

BDU FSTEC | added 2016/07/06 12:0 a.m. | 2 views

The vulnerability of the Flash Player software allows a malicious attacker to execute arbitrary code or cause a service failure.

The Flash Player software contains a vulnerability that stems from the use of memory after it is freed. Exploitation of this vulnerability can be carried out by a malicious actor using a specially crafted swf file. As a result of exploiting this vulnerability, a malicious actor can execute...

CVSS 10 | EPSS 0.92544 | Exploits 9 | References 4 | Affected Software 1

BDU FSTEC | added 2016/07/06 12:0 a.m. | 1 views

The vulnerability of the Flash Player software allows a malicious attacker to execute arbitrary code or cause a service failure.

The Flash Player software contains a vulnerability that stems from the use of memory after decompression in the ByteArray::UncompressViaZlibVariant function. This vulnerability can be exploited by malicious actors using a specially crafted swf file. As a result of exploiting this vulnerability,...

CVSS 10 | EPSS 0.92551 | Exploits 5 | References 4 | Affected Software 1

FireEye | added 2016/05/03 8:30 a.m. | 278 views

Deobfuscating Python Bytecode

Introduction: During an investigation, the FLARE team came across an interesting Python malware sample (MD5: 61a9f80612d3f7566db5bdf37bbf22cf) that is packaged using py2exe. Py2exe is a popular way to compile and package Python scripts into executables. When we encounter this type of malware we...

AI score 0.2 | Exploits 0

Exploit DB | added 2016/03/28 12:0 a.m. | 25 views

Linux/x86_x64 - execve/bin/bash - 33 bytes

Linux/x86x64 - execve/bin/bash - 33 bytes. Shellcode exploit for linx86-64 platform. Linux/x86x64 - execve/bin/bash - 33 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com Om Asato...

AI score 7.4 | Exploits 0

Kitploit | added 2016/02/15 10:30 p.m. | 26 views

JReFrameworker - Practical Managed Code Rootkits for Java

This project aims to extend the work done by Erez Metula in his book Managed Code Rootkits: Hooking into Runtime Environments. The work outlines a tool ReFrameworker that claims to be a framework modification tool capable of performing any modification task, however the tool falls short in...

AI score 7.6 | Exploits 0 | References 1

Fedora | added 2015/09/24 8:33 a.m. | 34 views

[SECURITY] Fedora 22 Update: groovy-2.4.0-2.fc22

Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you ca...

CVSS 9.8 | AI score 1.3 | EPSS 0.64446 | Exploits 4

exploitpack | added 2015/08/19 12:0 a.m. | 14 views

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution. Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...

Exploits 0

0day.today | added 2015/08/19 12:0 a.m. | 43 views

Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Exploit

Exploit for windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrar...

CVSS 10 | AI score 9.6 | EPSS 0.51905 | Exploits 1