what you don't know can hurt you
Showing 1 - 25 of 51 RSS Feed

Files from Adam Gowdiak

Email addresszupa at man.poznan.pl
First Active2004-10-27
Last Active2019-06-14
Java Card Proof Of Concepts
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.

tags | exploit, java, vulnerability, code execution, proof of concept
MD5 | 2c80166b698e465440e3bf6ffd7c105e
Gemalto Java Card SE-2019-01 Issue 34
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.

tags | advisory, java, vulnerability
MD5 | d9d4dd88017b5a8c8de37bb6f8efe69a
Gemalto Java Card SE-2019-01 Issues 19 And 33
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.

tags | advisory, java, vulnerability
MD5 | 6889db3914a3b0be2c76961d2f95e557
Oracle Java Card SE-2019-01 Issues 26-32
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.

tags | advisory, java, vulnerability
MD5 | a6ad3d9330327f5a7808f847610eba22
Oracle Java Card SE-2019-01 Issues 20-25
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.

tags | advisory, java, vulnerability
MD5 | 4c3b6b313f3d71091e91a41f644cac99
Oracle Java Card SE-2019-01 Issues 1-18
Posted Jun 14, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.

tags | advisory, java, vulnerability
MD5 | fd85979e79e3b9f2c88dca6478a9c0fd
Java Card VM Memory Safety
Posted Mar 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.

tags | advisory, java, vulnerability, code execution
MD5 | a257c47765f8cfe63cbbecdf5b803bd5
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Feb 20, 2019
Authored by Adam Gowdiak | Site security-explorations.com

A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.

tags | exploit, overflow, proof of concept
MD5 | 36463dd0c95db85c29e0f6e7d4033996
Exploitation Framework For STMicroelectronics DVB Chipsets
Posted Jan 22, 2019
Authored by Adam Gowdiak | Site security-explorations.com

This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.

tags | exploit, overflow
MD5 | 5e5650c12c6dc1fae75bda7ade29648c
STMicroelectronics DVB Chipset Reverse Engineering
Posted Jun 8, 2018
Authored by Adam Gowdiak | Site security-explorations.com

This archive holds a 70+ pages long technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.

tags | exploit
MD5 | a5d20c1e900110611b12feb7de976edb
IBM Java Issue 70 Bad Patch
Posted Apr 12, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5456
MD5 | 0d5c6c7e0a9744495ab910305201e727
IBM Java Issue 67 Bad Patch
Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
MD5 | ed2de4cdbbff3d22aad9553050f8325b
Oracle Java Security Fix Bypass
Posted Mar 11, 2016
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.

tags | exploit, java, proof of concept
systems | linux
advisories | CVE-2013-5838
MD5 | 369b993c622ffb5038ab3ff0a3006afc
SE-2014-02 Oracle Errata
Posted Nov 30, 2015
Authored by Adam Gowdiak | Site security-explorations.com

In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.

tags | advisory, java, root
advisories | CVE-2015-4871
MD5 | f5d69d86ab0d1a9e96b53a0507bf6a08
Java SE 7 Improper Initialization
Posted Oct 22, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.

tags | exploit, proof of concept
systems | linux
MD5 | 36d312e4f7e10290eea818c4638e62b0
Security Explorations Math Versus Oracle
Posted Aug 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.

tags | advisory, vulnerability
MD5 | f40203b860dcb9ad58f5a01dd0418a21
Google App Engine Java Security Sandbox Bypasses
Posted May 7, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.

tags | exploit, vulnerability, proof of concept
systems | linux
MD5 | 956d84b58adbd3d0e9b366bb849df648
Google App Engine Java Security Sandbox Bypasses
Posted Mar 17, 2015
Authored by Adam Gowdiak | Site security-explorations.com

Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.

tags | exploit, java, proof of concept
systems | linux
MD5 | e18212db596c59c0198cd2c6b8801c6f
Google App Engine Java VM Sandbox Escape
Posted Dec 6, 2014
Authored by Adam Gowdiak | Site security-explorations.com

In excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.

tags | advisory, java
MD5 | d57fed61e0a74a3840bbc85c8108a769
Oracle Database Java VM Security Vulnerabilities
Posted Oct 15, 2014
Authored by Adam Gowdiak | Site security-explorations.com

This archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 824d0169d4241aa782b44f5cbcc7e361
Oracle Database Java VM 20 Weaknesses
Posted Jun 16, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges.

tags | advisory, java, arbitrary
MD5 | 9ee0076d6a57058b84b2ffc0fab7e8a5
30 Issues In Oracle Java Cloud Service
Posted Apr 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.

tags | exploit, java, vulnerability, proof of concept
systems | linux
MD5 | 52490876d4c01a8d53153d3fe939e0b2
Java PaaS / Cloud Services Security Issues
Posted Feb 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center.

tags | advisory, java, vulnerability
MD5 | a0019f8f96169482dd33bb356b68fc81
Oracle Java SE 7 Issue 69
Posted Oct 17, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.

tags | advisory, java
MD5 | 5eeb32459ed3fb2358ee8ce3835f94af
Java SE 7 Issue 69
Posted Jul 18, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.

tags | advisory, java
MD5 | 82cbd474f2ee8179acbe5cbab1a7d0a0
Page 1 of 3
Back123Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close