exploit the possibilities
Showing 1 - 25 of 45 RSS Feed

Files from Adam Gowdiak

Email addresszupa at man.poznan.pl
First Active2004-10-27
Last Active2019-03-20
Java Card VM Memory Safety
Posted Mar 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.

tags | advisory, java, vulnerability, code execution
MD5 | a257c47765f8cfe63cbbecdf5b803bd5
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Feb 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.

tags | exploit, overflow, proof of concept
MD5 | 36463dd0c95db85c29e0f6e7d4033996
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Jan 22, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.

tags | exploit, overflow
MD5 | 5e5650c12c6dc1fae75bda7ade29648c
STMicroelectronics DVB Chipset Reverse Engineering
Posted Jun 8, 2018
Authored by Adam Gowdiak | Site security-explorations.com

This archive holds a 70+ pages long technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.

tags | exploit
MD5 | a5d20c1e900110611b12feb7de976edb
IBM Java Issue 70 Bad Patch
Posted Apr 12, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5456
MD5 | 0d5c6c7e0a9744495ab910305201e727
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
MD5 | ed2de4cdbbff3d22aad9553050f8325b
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
MD5 | 369b993c622ffb5038ab3ff0a3006afc
SE-2014-02 Oracle Errata
Posted Nov 30, 2015
Authored by Adam Gowdiak | Site security-explorations.com

In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.

tags | advisory, java, root
advisories | CVE-2015-4871
MD5 | f5d69d86ab0d1a9e96b53a0507bf6a08
Java SE 7 Improper Initialization
Posted Oct 22, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.

tags | exploit, proof of concept
systems | linux
MD5 | 36d312e4f7e10290eea818c4638e62b0
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
MD5 | f40203b860dcb9ad58f5a01dd0418a21
Google App Engine Java Security Sandbox Bypasses
Posted May 7, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.

tags | exploit, vulnerability, proof of concept
systems | linux
MD5 | 956d84b58adbd3d0e9b366bb849df648
Google App Engine Java Security Sandbox Bypasses
Posted Mar 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.

tags | exploit, java, proof of concept
systems | linux
MD5 | e18212db596c59c0198cd2c6b8801c6f
Google App Engine Java VM Sandbox Escape
Posted Dec 6, 2014
Authored by Adam Gowdiak | Site security-explorations.com

In excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.

tags | advisory, java
MD5 | d57fed61e0a74a3840bbc85c8108a769
Oracle Database Java VM Security Vulnerabilities
Posted Oct 15, 2014
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 824d0169d4241aa782b44f5cbcc7e361
Oracle Database Java VM 20 Weaknesses
Posted Jun 16, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges.

tags | advisory, java, arbitrary
MD5 | 9ee0076d6a57058b84b2ffc0fab7e8a5
30 Issues In Oracle Java Cloud Service
Posted Apr 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 52490876d4c01a8d53153d3fe939e0b2
Java PaaS / Cloud Services Security Issues
Posted Feb 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center.

tags | advisory, java, vulnerability
MD5 | a0019f8f96169482dd33bb356b68fc81
Oracle Java SE 7 Issue 69
Posted Oct 17, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.

tags | advisory, java
MD5 | 5eeb32459ed3fb2358ee8ce3835f94af
Java SE 7 Issue 69
Posted Jul 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.

tags | advisory, java
MD5 | 82cbd474f2ee8179acbe5cbab1a7d0a0
Java Applet ProviderSkeleton Insecure Invoke Method
Posted Jun 27, 2013
Authored by Adam Gowdiak, Matthias Kaiser | Site metasploit.com

This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.

tags | exploit, java, arbitrary
advisories | CVE-2013-2460, OSVDB-94346
MD5 | eb31080dbf4908fe55f6198beec5aae0
IBM SDK 7 New Security Issues
Posted May 6, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API.

tags | advisory, java
MD5 | 7e3988ce8ab0d956e0e2992c18faf34f
Java 1.7.0_21-b11 Code Execution
Posted Apr 22, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Java versions 1.7.0_21-b11 and below suffers from an arbitrary code execution vulnerability.

tags | advisory, java, arbitrary, code execution
MD5 | e4cd9e5c7f8d9e28f0422e22ea755816
Oracle Java SE 7 Update 21 Information
Posted Apr 16, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Oracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).

tags | advisory, java, vulnerability
MD5 | e0160be8fcb86576d553129b539d8ffc
Digital Satellite TV Platform Proof Of Concepts
Posted Mar 21, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains proof of concept exploits from Security Explorations. They waited for over a year for vendors to fix the issues in various digital satellite TV platforms and were ignored.

tags | exploit, proof of concept
MD5 | 7fd03152a44b970103a49cde19ccd807
Security Explorations Java Issue 54
Posted Mar 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

This document provides the technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior".

tags | advisory
MD5 | f092afb7346a718a1d6a7c3ff600d9dd
Page 1 of 2
Back12Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close