EUVD-2020-26765

Malware in sbrugna...

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

CVE-2021-30179

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

Deserialization of untrusted data

Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API...

ysoserial

This is a Java tool called ysoserial, which is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to execute arbitrary code on a Java application that performs unsafe deserialization of objects...

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

Design/Logic Flaw

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

CVE-2020-5604

CVE-2020-5604 affects the Android App “Mercari” (Japan version) prior to version 3.52.0. The vulnerability arises from inadequate restrictions on addJavascriptInterface in WebView, enabling a remote attacker to trigger arbitrary Java method execution via Java Reflection API from JavaScript code o...

CVE-2020-5604

Android App 'Mercari' Japan version prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView...

JVN#93167107: Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of Java object

Android App "Mercari" Japan version provided by Mercari, Inc. contains vulnerability which may allow arbitrary Java method execution CWE-749 due to inadequate restrictions on addJavascriptInterface of WebView class. Impact An arbitrary method of a Java object may be executed by a remote attacker...

Researchers Divulge 30 Oracle Java Cloud Service Bugs

Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company’s Java Cloud Service platform. Researchers at Security Explorations published two reports, complete with proof of concept codes, explaining 30 different...

Design/Logic Flaw

The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...

[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

Hello All, Security Explorations discovered 7 additional security issues 62-68 in the latest version of IBM SDK, Java Technology Edition software 1. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...

Two More Java Zero Days Found by Polish Research Team

The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

Sun Java Reflection API security bypass vulnerabilities

Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...