exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

Files from Matthias Kaiser

First Active2010-08-24
Last Active2018-05-16
Jenkins CLI HTTP Java Deserialization
Posted May 16, 2018
Authored by Matthias Kaiser, Alisa Esage, YSOSerial, Ivan | Site metasploit.com

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to exploit this vulnerability.

tags | exploit, remote, web, arbitrary, code execution
advisories | CVE-2016-9299
MD5 | a3aeb852830fc3dbdd714d7dccd5cd1b
Apache Qpid Untrusted Input Deserialization
Posted Jul 2, 2016
Authored by Matthias Kaiser

When applications call getObject() on a consumed JMS ObjectMessage they are subject to the behaviour of any object deserialization during the process of constructing the body to return. Unless the application has taken outside steps to limit the deserialization process, they can't protect against input that might try to make undesired use of classes available on the application classpath that might be vulnerable to exploitation. Apache Qpid AMQP 0-x JMS client versions 6.0.3 and earlier and Qpid JMS (AMQP 1.0) client versions 0.9.0 and earlier are affected.

tags | advisory
advisories | CVE-2016-4974
MD5 | bd9f02d6a4f6778661162455acfbf223
Apache Flex BlazeDS 4.7.0 XML Entity Expansion
Posted Aug 22, 2015
Authored by Matthias Kaiser

When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected.

tags | advisory, local
advisories | CVE-2015-3269
MD5 | c712a6a20b6791fd80403326c7724d49
IPass Control Pipe Remote Command Execution
Posted Mar 13, 2015
Authored by Matthias Kaiser | Site metasploit.com

This Metasploit module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from a SMB share.

tags | exploit
advisories | CVE-2015-0925
MD5 | ffc39e2ef1fd5a0cf7b4f982947690e3
Java Applet ProviderSkeleton Insecure Invoke Method
Posted Jun 27, 2013
Authored by Adam Gowdiak, Matthias Kaiser | Site metasploit.com

This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.

tags | exploit, java, arbitrary
advisories | CVE-2013-2460, OSVDB-94346
MD5 | eb31080dbf4908fe55f6198beec5aae0
Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
Posted Nov 23, 2010
Authored by egypt, Matthias Kaiser | Site metasploit.com

This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl class the default java sandbox policy file can be therefore overwritten. The vulnerability affects version 6 prior to update 22. NOTE: Exploiting this vulnerability causes several sinister-looking popup windows saying that Java is "Downloading application."

tags | exploit, java
systems | windows
advisories | CVE-2010-3563, OSVDB-69043
MD5 | 9a21a47d9c36f5a1bda2c5036310f6c0
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
Posted Sep 9, 2010
Authored by egypt, Matthias Kaiser, Sami Koivu | Site metasploit.com

This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

tags | exploit, java
advisories | CVE-2010-0094
MD5 | 0d92c0d644f75f48c339916b902897e1
Java Statement.invoke() Trusted Method Chain Exploit
Posted Aug 24, 2010
Authored by egypt, Matthias Kaiser, Sami Koivu | Site metasploit.com

This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

tags | exploit, java
advisories | CVE-2010-0840
MD5 | 4e689cf5083f3182b1988ba27606166b
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close