This is an extension of research on the original findings of CVE-2020-15858 in Telit Cinterion IoT devices. Numerous issues have been discovered including path traversal, Java privilege elevation, AT commands whitelist / blacklist bypass, a heap overflow in fragmented SMS, and more.
abb8c4529f9d5d619b36098b1423bf2e497fc0bebd5da0e83e1d5c9a49803636
Security Explorations conducted a security analysis of Microsoft Play Ready content protection technology in the environment of the CANAL+ SAT TV provider. As a result, complete access to movie assets and content keys available in the CANAL+ VOD library could be gained with the use of a fake client device identity. Microsoft and CANAL+ have seemingly decided to ignore this large laundry list of failures.
ae147b5df942976857f81fb745ba330474556562626f4e5abf76e56fe99dca24
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
22ac20b59483601b9077fb4862bb70d8f034648a969c478415328a8d85326aca
This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
67d6d552ce4c167529c7cd84de0d0be125a4bdc6728dcd0cc31fb219c9d4011d
This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
32aca3def4a46b63b9c8e018bba1b57b074ab1a278951e26deaa861e0b140b14
This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.
8d2b759c1b5a470b8d80314d6c5b026ab6eb6c87410e6af99040f73abe993b0f
This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.
223a793bc15195c628f17c4fc553a3c603a66dd2a1b8dff8b24e298ddc831464
This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.
6c524db6b0b45d01b1e715bfb97219d0ab2f4adb4b4e678d3b24918baa34d69e
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained.
13a1c021f386ea8562db371d87447e51b75f82035a8868806f76394eb2c78f11
A multitude of security issues exist within STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.
d213971899e2afa9864a8613af2fd95bc020cf4d68541d24a96d77ad4ad8264c
This detailed research paper discusses a multitude of security issues with STMicroelectronics DVB chipsets including, but not limited to credential leakage, buffer overflow, and data leaks.
15ea626ba332e60b314c81d0c40ab573322f5d2838ec298bfd26ea8118aa6c19
This archive holds a 70+ pages long technical paper accompanied by two reverse engineering tools to analyze STMicroelectronics DVB chipsets.
38bffd3496f315e8460e0c28a7d946b77b455c78115e5b31dff9bc4e92356db9
The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.
24180117b921605ffa337bfcd62c889bf47a2e79be4fd3593f12c7031b1258ce
The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September, 2013.
01bc25f8f8df246c49b97afca9f4177773fc93680f8d029f118b41c573555d1f
In their original report, Security Explorations indicated that Issue 42 in SE-2014-02 had its origin in klassItable::initialize_itable_for_interface method's implementation of Java SE 7 HotSpot VM. They have recently learned that their initial analysis regarding the root cause of Issue 42 was incorrect. This report contains more detailed information about the actual cause of Issue 42, the reasoning that has mislead them into concluding it was caused by an improper initialization of non-public interface method slots and some additional findings regarding this issue.
926ad5f5f27088ecc130997d08aa12a0ca81902394fe5f1767a391a11cdfa9ea
Issue number 42 from SE-2014-02 has been addressed by Oracle. Included in this archive are proof of concepts and information regarding the fix.
7df623023a7204002b65855afccec136cda0d1a4a5470f0bb205626f4b1824fe
This is a fun write-up detailing vulnerabilities in Oracle products discovered by the security community and how Oracle CSO Mary Ann Davidson's math on the subject just does not add up. No surprise there.
2da1fcf5b8f0090fe5d0ec336bb7d93cd663a84c8ff4ad87b305664d9081d629
Security Explorations released technical details, Google advisories, and new proof of concept code for the Google App Engine sandbox bypass vulnerabilities.
5420aba52d2da4e16371bae00da42618bd4a585a57ebdcc3bb728104c84e8eab
Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.
bd960af7763ba59085745caf406af8ad984dad196a7d5aaccd9db363dd96eb1a
In excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.
6182e41f90d3af4bea0258e8b31121bc251e830d6c929f250793bc9835215c4c
This archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.
ecf11e83b5525ba9d476e4539ffb04359d6e5d4f9b76b0703665010c38864b7f
Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges.
67ffba97eac0feeeb493a67dcadb70bec07aaba89ec8cdc1f47731fb6432f1c2
Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.
8da74747f63ecbeaf0436376646b7870ac187a6fd484dcb90371ecdd3d8b7be4
Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center.
652728a4db193f91cfd789d35f2cbce67c8d3fb9f86841ab4870dda696838141