Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

Added: 07/11/2013 CVE: CVE-2013-2460 BID: 60635 OSVDB: 94346 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

Java Applet ProviderSkeleton Class Insecure Invoke Method (CVE-2013-2460)

A vulnerabilty has been reported in the ProviderSkeleton class which allows to call arbitrary static methods with user supplied arguments...

Java Applet - ProviderSkeleton Insecure Invoke Method (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false EXPLOITSTRING =...

Java Applet ProviderSkeleton Insecure Invoke Method

This module abuses the insecure invoke method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...