Showing 1 - 25 of 41

Files from Adam Gowdiak

Email address: zupa at man.poznan.pl
First Active: 2004-10-27
Last Active: 2016-04-12
IBM Java Issue 70 Bad Patch
Posted Apr 12, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5456
MD5 | 0d5c6c7e0a9744495ab910305201e727
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
MD5 | ed2de4cdbbff3d22aad9553050f8325b
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
MD5 | 369b993c622ffb5038ab3ff0a3006afc
SE-2014-02 Oracle Errata
Posted Nov 30, 2015
Authored by Adam Gowdiak | Site security-explorations.com

In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in the klassItable::initialize_itable_for_interface method's implementation in the Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that misled them into concluding it was caused by an improper initialization of non-public interface method slots, and some additional findings regarding this issue.

tags | advisory, java, root
advisories | CVE-2015-4871
MD5 | f5d69d86ab0d1a9e96b53a0507bf6a08
Java SE 7 Improper Initialization
Posted Oct 22, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proofs of concept and information regarding the fix.

tags | exploit, proof of concept
systems | linux
MD5 | 36d312e4f7e10290eea818c4638e62b0
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
MD5 | f40203b860dcb9ad58f5a01dd0418a21
Google App Engine Java Security Sandbox Bypasses
Posted May 7, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.

tags | exploit, vulnerability, proof of concept
systems | linux
MD5 | 956d84b58adbd3d0e9b366bb849df648
Google App Engine Java Security Sandbox Bypasses
Posted Mar 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Full materials and proof of concept code have been released for the Security Explorations discovery of various Google App Engine Java security sandbox bypasses.

tags | exploit, java, proof of concept
systems | linux
MD5 | e18212db596c59c0198cd2c6b8801c6f
Google App Engine Java VM Sandbox Escape
Posted Dec 6, 2014
Authored by Adam Gowdiak | Site security-explorations.com

In excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.

tags | advisory, java
MD5 | d57fed61e0a74a3840bbc85c8108a769
Oracle Database Java VM Security Vulnerabilities
Posted Oct 15, 2014
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains a couple of PDFs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 824d0169d4241aa782b44f5cbcc7e361
Oracle Database Java VM 20 Weaknesses
Posted Jun 16, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that make it possible to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on an Oracle Database server without proper privileges.

tags | advisory, java, arbitrary
MD5 | 9ee0076d6a57058b84b2ffc0fab7e8a5
30 Issues In Oracle Java Cloud Service
Posted Apr 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations decided to release technical details and accompanying proof of concept code for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two PDFs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 52490876d4c01a8d53153d3fe939e0b2
Java PaaS / Cloud Services Security Issues
Posted Feb 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break the Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud Service in the same regional data center.

tags | advisory, java, vulnerability
MD5 | a0019f8f96169482dd33bb356b68fc81
Oracle Java SE 7 Issue 69
Posted Oct 17, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The CPU released Oct 15, 2013 by Oracle included information about a fix for a Java SE 7 vulnerability (Issue 69) that was reported to the company in July.

tags | advisory, java
MD5 | 5eeb32459ed3fb2358ee8ce3835f94af
Java SE 7 Issue 69
Posted Jul 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.

tags | advisory, java
MD5 | 82cbd474f2ee8179acbe5cbab1a7d0a0
Java Applet ProviderSkeleton Insecure Invoke Method
Posted Jun 27, 2013
Authored by Adam Gowdiak, Matthias Kaiser | Site metasploit.com

This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class, which allows calling arbitrary static methods with user-supplied arguments. The vulnerability affects Java version 7u21 and earlier.

tags | exploit, java, arbitrary
advisories | CVE-2013-2460, OSVDB-94346
MD5 | eb31080dbf4908fe55f6198beec5aae0
IBM SDK 7 New Security Issues
Posted May 6, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API.

tags | advisory, java
MD5 | 7e3988ce8ab0d956e0e2992c18faf34f
Java 1.7.0_21-b11 Code Execution
Posted Apr 22, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Java versions 1.7.0_21-b11 and below suffer from an arbitrary code execution vulnerability.

tags | advisory, java, arbitrary, code execution
MD5 | e4cd9e5c7f8d9e28f0422e22ea755816
Oracle Java SE 7 Update 21 Information
Posted Apr 16, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).

tags | advisory, java, vulnerability
MD5 | e0160be8fcb86576d553129b539d8ffc
Digital Satellite TV Platform Proof Of Concepts
Posted Mar 21, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains proof of concept exploits from Security Explorations. They waited for over a year for vendors to fix the issues in various digital satellite TV platforms and were ignored.

tags | exploit, proof of concept
MD5 | 7fd03152a44b970103a49cde19ccd807
Security Explorations Java Issue 54
Posted Mar 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This document provides the technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior".

tags | advisory
MD5 | f092afb7346a718a1d6a7c3ff600d9dd
Oracle Java SE 7 Update 15 Issues
Posted Mar 4, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.

tags | advisory
MD5 | 4c92abd477c3c1d4a5c3516c817f655e
Java Applet JMX Remote Code Execution
Posted Feb 25, 2013
Authored by Adam Gowdiak, juan vazquez, SecurityObscurity | Site metasploit.com

This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox, as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run an unsigned applet without displaying any warning to the user.

tags | exploit, java, arbitrary
advisories | CVE-2013-0431, OSVDB-89613
MD5 | 8f755d5ec685451214b1ccb81d296451
Java SE 7 Update 15 Sandbox Bypass
Posted Feb 25, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered two new security issues in Java SE 7 Update 15.

tags | advisory, java
MD5 | 0860cf18f52defec23cdb389ebac870f
Java SE Proof Of Concept Code
Posted Feb 5, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This is an archive that houses all of the proof of concept code for the issues affecting Java SE as reported in SE-2012-01 by Security Explorations.

tags | exploit, java, proof of concept
advisories | CVE-2013-0437, CVE-2013-1478, CVE-2013-1480
MD5 | 05a7af67fb9b562752b593c67444f0cf