Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle, which is used in the financial, government, transportation and telecommunication sectors, among others. The vulnerabilities make it possible to break the memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, the applet firewall could be broken, or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities, which were originally made public in March of 2019.
2c80166b698e465440e3bf6ffd7c105e
This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
d9d4dd88017b5a8c8de37bb6f8efe69a
This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
6889db3914a3b0be2c76961d2f95e557
This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.
a6ad3d9330327f5a7808f847610eba22
This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.
4c3b6b313f3d71091e91a41f644cac99
This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.
fd85979e79e3b9f2c88dca6478a9c0fd
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle, which is used in the financial, government, transportation and telecommunication sectors, among others. The vulnerabilities make it possible to break the memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, the applet firewall could be broken, or native code execution could be gained.
a257c47765f8cfe63cbbecdf5b803bd5
A multitude of security issues exist within STMicroelectronics DVB chipsets, including, but not limited to, credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
36463dd0c95db85c29e0f6e7d4033996
This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets, including, but not limited to, credential leakage, buffer overflow, and data leaks.
5e5650c12c6dc1fae75bda7ade29648c
This archive holds a technical paper of more than 70 pages, accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.
a5d20c1e900110611b12feb7de976edb
The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.
0d5c6c7e0a9744495ab910305201e727
The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
ed2de4cdbbff3d22aad9553050f8325b
Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.
369b993c622ffb5038ab3ff0a3006afc
In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in the implementation of the klassItable::initialize_itable_for_interface method in the Java SE 7 HotSpot VM. They have recently learned that their initial analysis of the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that misled them into concluding it was caused by an improper initialization of non-public interface method slots, and some additional findings regarding this issue.
f5d69d86ab0d1a9e96b53a0507bf6a08
Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proofs of concept and information regarding the fix.
36d312e4f7e10290eea818c4638e62b0
This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.
f40203b860dcb9ad58f5a01dd0418a21
Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
956d84b58adbd3d0e9b366bb849df648
Full materials and proof of concept code have been released for the Security Explorations discovery of various Google App Engine Java security sandbox bypasses.
e18212db596c59c0198cd2c6b8801c6f
In excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.
d57fed61e0a74a3840bbc85c8108a769
This archive contains a couple of PDFs detailing 22 security vulnerabilities in Oracle Database Java VM, along with proof of concept code.
824d0169d4241aa782b44f5cbcc7e361
Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that make it possible to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on an Oracle Database server without proper privileges.
9ee0076d6a57058b84b2ffc0fab7e8a5
Security Explorations decided to release technical details and accompanying proof of concept code for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two PDFs detailing the issues, along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.
52490876d4c01a8d53153d3fe939e0b2
Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break the Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud Service in the same regional data center.
a0019f8f96169482dd33bb356b68fc81
The CPU released Oct 15, 2013 by Oracle included information about a fix for a Java SE 7 vulnerability (Issue 69) that was reported to the company in July.
5eeb32459ed3fb2358ee8ce3835f94af
Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.
82cbd474f2ee8179acbe5cbab1a7d0a0