Security Explorations conducted a security analysis of Microsoft Play Ready content protection technology in the environment of the CANAL+ SAT TV provider. As a result, complete access to movie assets and content keys available in the CANAL+ VOD library could be gained with the use of a fake client device identity. Microsoft and CANAL+ have seemingly decided to ignore this large laundry list of failures.
ae147b5df942976857f81fb745ba330474556562626f4e5abf76e56fe99dca24Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
22ac20b59483601b9077fb4862bb70d8f034648a969c478415328a8d85326acaThis is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
67d6d552ce4c167529c7cd84de0d0be125a4bdc6728dcd0cc31fb219c9d4011dThis is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
32aca3def4a46b63b9c8e018bba1b57b074ab1a278951e26deaa861e0b140b14This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.
8d2b759c1b5a470b8d80314d6c5b026ab6eb6c87410e6af99040f73abe993b0fThis is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.
223a793bc15195c628f17c4fc553a3c603a66dd2a1b8dff8b24e298ddc831464This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.
6c524db6b0b45d01b1e715bfb97219d0ab2f4adb4b4e678d3b24918baa34d69eSecurity Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.
13a1c021f386ea8562db371d87447e51b75f82035a8868806f76394eb2c78f11A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
d213971899e2afa9864a8613af2fd95bc020cf4d68541d24a96d77ad4ad8264cThis detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.
15ea626ba332e60b314c81d0c40ab573322f5d2838ec298bfd26ea8118aa6c19This archive holds a 70+ pages long technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.
38bffd3496f315e8460e0c28a7d946b77b455c78115e5b31dff9bc4e92356db9The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.
24180117b921605ffa337bfcd62c889bf47a2e79be4fd3593f12c7031b1258ceThe patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.
01bc25f8f8df246c49b97afca9f4177773fc93680f8d029f118b41c573555d1fIn their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.
926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9eaIssue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.
7df623023a7204002b65855afccec136cda0d1a4a5470f0bb205626f4b1824feThis is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.
2da1fcf5b8f0090fe5d0ec336bb7d93cd663a84c8ff4ad87b305664d9081d629Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
5420aba52d2da4e16371bae00da42618bd4a585a57ebdcc3bb728104c84e8eabFull materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.
bd960af7763ba59085745caf406af8ad984dad196a7d5aaccd9db363dd96eb1aIn excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.
6182e41f90d3af4bea0258e8b31121bc251e830d6c929f250793bc9835215c4cThis archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.
ecf11e83b5525ba9d476e4539ffb04359d6e5d4f9b76b0703665010c38864b7fSecurity Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges.
67ffba97eac0feeeb493a67dcadb70bec07aaba89ec8cdc1f47731fb6432f1c2Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.
8da74747f63ecbeaf0436376646b7870ac187a6fd484dcb90371ecdd3d8b7be4Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center.
652728a4db193f91cfd789d35f2cbce67c8d3fb9f86841ab4870dda696838141The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.
8836a50caf231af0bc2808d25511d8afa12be6798b069187840e5e846e7cbf09
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed