Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation. "The legitimate application used in the attack, jarsigner, is a file created during the installation of the...

Fedora 32 : 1:java-11-openjdk (2021-555c9aef71)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-555c9aef71 advisory. - New in release OpenJDK 11.0.10 2021-01-19: Live versions of these release notes can be found at: https://bitly.com/openjdk11010...

Metasploit Framework 6.0.11 Command Injection

Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...

Metasploit Framework 6.0.11 - msfvenom APK template command injection

Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...

Androspy - Backdoor Crypter & Creator With Automatic IP Poisener

Androspy : is Backdoor Crypter & Creator with Automatic IP Poisener Coded By Belahsan Ouerghi Dependencies keytool jarsigner Apache2 Metasploit-Framework xterm Installation sudo apt-get install git git clone https://github.com/TunisianEagles/Androspy.git cd Androspy chmod +x setup.sh sudo...

Oracle Java SE 'jarsigner' Security Bypass Vulnerability - Linux

Oracle Java SE is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Java SE 'jarsigner' Security Bypass Vulnerability - Windows

Oracle Java SE is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:jre";...

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

Design/Logic Flaw

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

CVE-2013-4578

The CVE targets jarsigner in OpenJDK and Oracle Java SE prior to 7u51, allowing an attacker to bypass code-signing protection and inject unsigned bytecode into a signed JAR due to improper file validation. Affected: OpenJDK and Oracle Java SE (pre-7u51). Root cause is improper file validation in ...

CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

AndroTickler - Penetration Testing and Auditing Toolkit for Android Apps

A java tool that helps to pentest Android apps faster, more easily and more efficiently. AndroTickler offers many features of information gathering, static and dynamic checks that cover most of the aspects of Android apps pentesting. It also offers several features that pentesters need during the...

kwetza - Python script to inject existing Android applications with a Meterpreter payload

Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload. What does it do? Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-977)

This update for java-170-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2016-976)

This update for java-170-openjdk fixes the following issues : - Update to 2.6.7 - OpenJDK 7u111 - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection...

Security update for java-1_7_0-openjdk (important)

This update for java-170-openjdk fixes the following issues: - Update to 2.6.7 - OpenJDK 7u111 Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 - S8147771: Construction of static protection domai...

OpenJDK Security Restriction Bypass Vulnerability

OpenJDK is the Java Platform, Standard Edition and related projects of the open source implementation of the collaborative platform . A security restriction bypass vulnerability exists in OpenJDK jarsigner. An attacker can exploit this vulnerability to bypass certain security restrictions because...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...

OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...