Files from Marc Schoenefeld

Email address: marc.schoenefeld at gmx.org
First Active: 2002-06-10
Last Active: 2009-05-27
OS X Java Hardening
Posted May 27, 2009
Authored by Marc Schoenefeld

Quick write-up discussing how you can harden OS X to protect yourself from the recent Java vulnerability.

tags | paper, java
systems | apple, osx
advisories | CVE-2008-5353
MD5 | b713cd7d5e08c9c12099198885f57504
DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
Posted Oct 9, 2006
Authored by Marc Schoenefeld | Site conference.hitb.org

HITBSecConf2006 Presentation - Pentesting Java/J2EE - Discovering Remote Holes.

tags | java, remote
MD5 | d5a23c4ff73ec13b47286f9d67383f36
opera850DoS.txt
Posted Dec 2, 2005
Authored by Marc Schoenefeld

Opera 8.50 is susceptible to a denial of service condition via an applet.

tags | advisory, denial of service
MD5 | 4127abd26949b8d4f5affb8a92ee8c41
parosproxy.txt
Posted Nov 5, 2005
Authored by Marc Schoenefeld

A vulnerability in how Parosproxy uses the JDK allows JDBC to be used as an attack path.

tags | advisory
MD5 | 4f93b29da59b8ddac3b92b5114da66fa
jboss402dos.txt
Posted Nov 5, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

Advisory regarding a denial of service against JBoss 4.0.2 using a serialized Java object, due to vulnerabilities in JDK 1.4.2.

tags | advisory, java, denial of service, vulnerability
MD5 | ca69972e0ee879de282a47be312f17cd
TT-Marc-Schoenefeld-Secure-Java-Programming.zip
Posted Oct 11, 2005
Authored by Marc Schoenefeld

Secure Java Programming - The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.

tags | java
MD5 | e4012f9e73716a6dda8711b642802f41
Xcon2005_Marc_Schoenefeld.pdf
Posted Aug 31, 2005
Authored by Marc Schoenefeld | Site xcon.xfocus.org

Xcon 2005: Java & Secure Programming

tags | java
MD5 | 88ffcf7b528ea654c44bb935b657e5fd
jBPM20.txt
Posted Jul 7, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

JBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.

tags | advisory, remote
MD5 | 8796fa4fd04467b9e6490dad6668214a
mac_osx_java_jre_deserialization.txt
Posted Apr 17, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.

tags | advisory, java, remote, denial of service
MD5 | c00a95239d9949a40ef993dca9a12842
57707.txt
Posted Dec 31, 2004
Authored by Marc Schoenefeld

A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Schoenefeld, who discovered the flaw.

tags | advisory, java
MD5 | 90a7b52d93f76377be6e4f3bf4a7f36d
opera754.txt
Posted Nov 20, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

Opera 7.54 is vulnerable to leakage of the Java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.

tags | advisory, java, denial of service
MD5 | a67b11d7269a7f701fd1a3682d495e7b
57613.html
Posted Aug 5, 2004
Authored by Marc Schoenefeld | Site sunsolve.sun.com

Sun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.

tags | advisory, java
MD5 | d87c0af157537d5cd6452d44facff79a
covert.txt
Posted Jul 12, 2004
Authored by Marc Schoenefeld

The Microsoft Java Virtual Machine suffers from a cross-site communication vulnerability that allows Java applets originating from different domains to communicate.

tags | advisory, java
MD5 | 61ab28abd50ab3af13559c8c4509bfc7
sunjavaapp.txt
Posted May 28, 2004
Authored by Marc Schoenefeld

Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.

tags | advisory, java
MD5 | a1340be73e5fa96fb10be66e55cb2789
IBM.cloudscape.txt
Posted Feb 5, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

IBM Cloudscape SQL Database (DB2J) version 5.1 on Windows with JDK 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.

tags | advisory, remote, denial of service
systems | windows
MD5 | 34808051fb93ae87a4b41af19b89a69d
j2ee.pointbase.txt
Posted Jan 19, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by the fact that the Pointbase installation coming with j2ee/ri 1.4 is not equipped with an appropriate security manager, thus implicitly giving all jars all permissions. These unlimited permissions can be exploited by an attacker using JDBC to crash the JVM running the Pointbase server. Further possible exploitation includes information disclosure and remote command injection.

tags | exploit, remote, info disclosure
MD5 | 656290e3971e2cf1d90448e0af989f95
openoffice110.txt
Posted Oct 9, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

Illegalaccess.org Security Alert - Openoffice 1.1.0 is vulnerable to a denial of service attack when enabled and a TCP connection to the daemon gets fed a bunch of zeroes.

tags | exploit, denial of service, tcp
MD5 | 6379b995196fde39663d7c7af9de8cd2
jboss.txt
Posted Oct 6, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

Illegalaccess.org Security Alert - JBoss 3.2.1, the Java server for running J2EE enterprise applications, is vulnerable to denial of service attacks, log manipulation, manipulation of process variables, and arbitrary command injection.

tags | advisory, java, denial of service, arbitrary
MD5 | 293a3d8fbdf93758ec5f64e0dafc6da2
JBoss.txt
Posted Jun 3, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

JBoss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.

tags | exploit
MD5 | d63a80b2f8b61a884e79e56655387094
beauchamp02032003.txt
Posted Feb 11, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

A specially constructed Java Applet crashes Opera versions 6.05 and 7.01. Opera's own class files in the opera.jar library are susceptible to a buffer overrun which causes a JVM crash and then crashes Opera.

tags | exploit, java, overflow
MD5 | 725fec5e451ee6bf4bcbb1761bddc632
jvm-1.3.crash.txt
Posted Jun 10, 2002
Authored by Marc Schoenefeld

This simple java program crashes the VM (at least 1.3.1-b24) on W2K, and is another example of Java-Frontier Bugs.

tags | exploit, java
MD5 | f832602e94c83b1f5af593fb621d4f03