[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java

Hello All, Security Explorations discovered 7 additional security issues 62-68 in the latest version of IBM SDK, Java Technology Edition software 1. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...

Java Applet Reflection Type Confusion Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

Two More Java Zero Days Found by Polish Research Team

The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

Sun Java Reflection API security bypass vulnerabilities

Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...

CVE-2004-2331

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag...

CVE-2004-2331

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag...

PT-2004-3225 · Adobe · Coldfusion Mx

Name of the Vulnerable Software and Affected Versions: ColdFusion MX versions 6.1 and 6.1 J2EE Description: The issue allows local users to bypass sandbox security restrictions and obtain sensitive information. This is achieved by using Java reflection methods to access trusted Java objects witho...