
Files from Marc Schoenefeld

Email address: marc.schoenefeld at
First Active: 2002-06-10
Last Active: 2009-05-27
OS X Java Hardening
Posted May 27, 2009
Authored by Marc Schoenefeld

Quick write up discussing how you can harden OS X to protect yourself from the recent Java vulnerability.

tags | paper, java
systems | apple, osx
advisories | CVE-2008-5353
MD5 | b713cd7d5e08c9c12099198885f57504
Posted Oct 9, 2006
Authored by Marc Schoenefeld | Site

HITBSecConf2006 Presentation - Pentesting Java/J2EE - Discovering Remote Holes.

tags | java, remote
MD5 | d5a23c4ff73ec13b47286f9d67383f36
Posted Dec 2, 2005
Authored by Marc Schoenefeld

Opera 8.50 is susceptible to a denial of service condition via an applet.

tags | advisory, denial of service
MD5 | 4127abd26949b8d4f5affb8a92ee8c41
Posted Nov 5, 2005
Authored by Marc Schoenefeld

There is a vulnerability with how JDK is used with Parosproxy that allows the JDBC to be used as an attack path.

tags | advisory
MD5 | 4f93b29da59b8ddac3b92b5114da66fa
Posted Nov 5, 2005
Authored by Marc Schoenefeld | Site

Advisory regarding the ability to cause a denial of service in JBoss 4.0.2 with a serialized Java object, due to vulnerabilities in JDK 1.4.2.

tags | advisory, java, denial of service, vulnerability
MD5 | ca69972e0ee879de282a47be312f17cd
Posted Oct 11, 2005
Authored by Marc Schoenefeld

Secure Java Programming - The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.

tags | java
MD5 | e4012f9e73716a6dda8711b642802f41
Posted Aug 31, 2005
Authored by Marc Schoenefeld | Site

Xcon 2005: Java & Secure Programming

tags | java
MD5 | 88ffcf7b528ea654c44bb935b657e5fd
Posted Jul 7, 2005
Authored by Marc Schoenefeld | Site

JBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.

tags | advisory, remote
MD5 | 8796fa4fd04467b9e6490dad6668214a
Posted Apr 17, 2005
Authored by Marc Schoenefeld | Site

MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.

tags | advisory, java, remote, denial of service
MD5 | c00a95239d9949a40ef993dca9a12842
Posted Dec 31, 2004
Authored by Marc Schoenefeld

A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Schoenefeld, who discovered the flaw.

tags | advisory, java
MD5 | 90a7b52d93f76377be6e4f3bf4a7f36d
Posted Nov 20, 2004
Authored by Marc Schoenefeld | Site

Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.

tags | advisory, java, denial of service
MD5 | a67b11d7269a7f701fd1a3682d495e7b
Posted Aug 5, 2004
Authored by Marc Schoenefeld | Site

Sun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.

tags | advisory, java
MD5 | d87c0af157537d5cd6452d44facff79a
Posted Jul 12, 2004
Authored by Marc Schoenefeld

The Microsoft Java Virtual Machine suffers from a cross-site communication vulnerability that allows Java applets originating from different domains to communicate.

tags | advisory, java
MD5 | 61ab28abd50ab3af13559c8c4509bfc7
Posted May 28, 2004
Authored by Marc Schoenefeld

Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.

tags | advisory, java
MD5 | a1340be73e5fa96fb10be66e55cb2789
Posted Feb 5, 2004
Authored by Marc Schoenefeld | Site

IBM cloudscape SQL Database (DB2J) version 5.1 on Windows with jdk 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.

tags | advisory, remote, denial of service
systems | windows
MD5 | 34808051fb93ae87a4b41af19b89a69d
Posted Jan 19, 2004
Authored by Marc Schoenefeld | Site

Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by the fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus implicitly giving all jars all permissions. These unlimited permissions can be exploited by an attacker using JDBC to crash the JVM running the Pointbase server. Further possible exploitations are information disclosure and remote command injection.

tags | exploit, remote, info disclosure
MD5 | 656290e3971e2cf1d90448e0af989f95
Posted Oct 9, 2003
Authored by Marc Schoenefeld | Site

Security Alert - Openoffice 1.1.0 is vulnerable to a denial of service attack when enabled and a TCP connection to the daemon gets fed a bunch of zeroes.

tags | exploit, denial of service, tcp
MD5 | 6379b995196fde39663d7c7af9de8cd2
Posted Oct 6, 2003
Authored by Marc Schoenefeld | Site

Security Alert - JBoss 3.2.1, the Java server for running J2EE enterprise applications, is vulnerable to denial of service attacks, log manipulation, manipulation of process variables, and arbitrary command injection.

tags | advisory, java, denial of service, arbitrary
MD5 | 293a3d8fbdf93758ec5f64e0dafc6da2
Posted Jun 3, 2003
Authored by Marc Schoenefeld | Site

JBoss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.

tags | exploit
MD5 | d63a80b2f8b61a884e79e56655387094
Posted Feb 11, 2003
Authored by Marc Schoenefeld | Site

A specially constructed Java Applet crashes Opera versions 6.05 and 7.01. Opera's own class files in the opera.jar library are susceptible to a buffer overrun which causes a JVM crash and then crashes Opera.

tags | exploit, java, overflow
MD5 | 725fec5e451ee6bf4bcbb1761bddc632
Posted Jun 10, 2002
Authored by Marc Schoenefeld

This simple java program crashes the VM (at least 1.3.1-b24) on W2K, and is another example of Java-Frontier Bugs.

tags | exploit, java
MD5 | f832602e94c83b1f5af593fb621d4f03

© 2018 Packet Storm. All rights reserved.