OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

Oracle Java java.awt.image.ByteComponentRaster Overflow

Added: 10/24/2013 CVE: CVE-2013-2473 BID: 60623 OSVDB: 94336 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711 , CVE-2012-1719 It was discovered that the...

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year Issues 51, 55 and 57-60. Our original vulnerability reports and Proof of Concept codes for these and some previously disclosed...

Ubuntu 10.10 : openjdk-6b18 vulnerabilities (USN-1079-3)

USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel ARM architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel ARM architectures for Ubuntu 10.10. It was discovered that untrusted Java applets could create domain name resolution cache...

Java MBeanInstantiator findClass and Introspector Sandbox Escape

Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Java MBeanInstantiator.findClass and Recursive Reflection Sandbox Escape

Added: 01/14/2013 CVE: CVE-2013-0422 BID: 57246 OSVDB: 89059 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

SuSE Update for ClamAV openSUSE-SU-2012:0833-1 (ClamAV)

Check for the Version of ClamAV OpenVAS Vulnerability Test $Id: gbsuse201208331.nasl 8295 2018-01-05 06:29:18Z teissa $ SuSE Update for ClamAV openSUSE-SU-2012:0833-1 ClamAV Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program ...

openSUSE: Security Advisory for ClamAV (openSUSE-SU-2012:0833-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

linux/x86-64 connect-back shell with netcat 109 bytes

Title : Shellcode linux/x86-64 connect-back shell with netcat Author : Gaussillusion Len : 109 byte In the file there is the shellcode in asm and the bytecode. Gaussillusion. ; Title: Shellcode linux/x86-64 connect back shell ; Author : Gaussillusion ; Len : 109 byte ; Language : Nasm ;syscall:...

linux/x86-64 bind-shell with netcat 131 bytes

; Title: Shellcode linux/x86-64 bind-shell with netcat ; Author : Gaussillusion ; Len : 131 byte ; Language : asm BITS 64 xor rdx,rdx mov rdi,0x636e2f6e69622fff shr rdi,0x08 push rdi mov rdi,rsp mov rcx,0x68732f6e69622fff shr rcx,0x08 push rcx mov rcx,rsp mov rbx,0x652dffffffffffff shr rbx,0x30...

Oracle Java Runtime Bytecode Verifier Cache Code Execution (CVE-2012-1723)

An input validation error vulnerability has been reported in Oracle Java Runtime JRE. The vulnerability is due to a type confusion error. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page containing a Java applet or running a Java Archive JAR...

Ubuntu: Security Advisory (USN-1505-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

jdwp-exec NSE Script

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script abuses this to inject and execute a Java class file that executes the supplied shell command and returns its output. The...

jdwp-info NSE Script

Attempts to exploit java's remote debugging port. When remote debugging port is left open, it is possible to inject java bytecode and achieve remote code execution. This script injects and execute a Java class file that returns remote system information. Example Usage nmap -sT -p...

Debian Security Advisory DSA 2507-1 (openjdk-6)

The remote host is missing an update to openjdk-6 announced via advisory DSA 2507-1. OpenVAS Vulnerability Test $Id: deb25071.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2507-1 openjdk-6 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...