Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.
bd960af7763ba59085745caf406af8ad984dad196a7d5aaccd9db363dd96eb1aIn excess of 30 issues have been discovered related to the Google App Engine including a complete Java VM security sandbox escape.
6182e41f90d3af4bea0258e8b31121bc251e830d6c929f250793bc9835215c4cThis archive contains a couple of pdfs detailing 22 security vulnerabilities in Oracle Database Java VM along with proof of concept code.
ecf11e83b5525ba9d476e4539ffb04359d6e5d4f9b76b0703665010c38864b7fSecurity Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software. Among a total of 20 weaknesses discovered, there are issues that allow to create a specific Java security bypass condition or that facilitate the execution of arbitrary Java code on Oracle Database server without proper privileges.
67ffba97eac0feeeb493a67dcadb70bec07aaba89ec8cdc1f47731fb6432f1c2Security Explorations decided to release technical details and accompanying proof of concept codes for security vulnerabilities discovered in the environment of Oracle Java Cloud Service. Enclosed are two pdfs detailing the issues along with a zip file filled with proof of concept code. The release of data is due to Oracle's continued failure to properly handle vulnerability reports.
8da74747f63ecbeaf0436376646b7870ac187a6fd484dcb90371ecdd3d8b7be4Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud service in the same regional data center.
652728a4db193f91cfd789d35f2cbce67c8d3fb9f86841ab4870dda696838141The CPU released Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability (Issue 69) that was reported to the company in July.
8836a50caf231af0bc2808d25511d8afa12be6798b069187840e5e846e7cbf09Security Explorations has submitted a new vulnerability to Oracle that implements a classic attack against Java VM.
06b801519ec428ee719f86858e50021889fbd7008bbcfe62c1df7a749f41a4e1This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.
4c7f2d07b2fb9904b25b6805e68094ce81bd292f4e93feb4b36e0f249b1ace06Security Explorations discovered 7 additional security issues (#62-68) in the latest version of IBM SDK, Java Technology Edition software. A majority of the new flaws are due to insecure use or implementation of Java Reflection API.
5ee140ef4ee1fbbba3be2d987e3af93d9141d6766d1e154771745114d62a987dJava versions 1.7.0_21-b11 and below suffers from an arbitrary code execution vulnerability.
3158f404571528b94f1fbd702d6393ab7fee07d0e1316cf499dea137b946ebacOracle has released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year (Issues 51, 55 and 57-60).
db5a5e389d8d3c4c134815cc14599a283f8f6970e50643600808191ba1a9acdfThis archive contains proof of concept exploits from Security Explorations. They waited for over a year for vendors to fix the issues in various digital satellite TV platforms and were ignored.
226671de37e4d85a2d62d0df29ac823cb5ba7b68f552e3d574a8e4642dcc0a49This document provides the technical details of Issue 54 that was reported to Oracle on Feb 25, 2013 and that was evaluated by the company as the "allowed behavior".
d4c8c1fc0df190e76d87001b6555555bff504a8c763720dc1de1548590119edcThe saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.
62b15c41647306908f09a62162b45a2e5e879905919342200f2385c369e80460This Metasploit module abuses the JMX classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February of 2013. Additionally, this module bypasses default security settings introduced in Java 7 Update 10 to run unsigned applet without displaying any warning to the user.
0abc5276937c182f0640b79c2c4ed49a2a0bde2a1aa762e63cc17c0ddad5fe4fSecurity Explorations has discovered two new security issues in Java SE 7 Update 15.
6e34dc4dfaf21577b6c54c34aa6c280cdca75c13e6e64bafe3d587b41b47e888This is an archive that houses all of the proof of concept code for the issues affecting Java SE as reported in SE-2012-01 by Security Explorations.
29990bedc5aaf8fec7315dabd3c309b9e55195b778db471fd572429d9a0d9159These are the technical details surrounding security issues reported by Security Explorations to Oracle and addressed in the Feb 2013 SE CPU update.
ccd58e7acc715c85b1b15f83532e23d25e3fd385be0fae2a1ca2e5abcde6cd00Security Explorations explains how Oracle's Java security enhancements have failed to mitigate silent exploits.
2b66efc1c4e7c9fd15103824bba32feb11a12eafebd5e01dd6368fdffd26c398Security Explorations has successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11.
2c0a7f2862f4d546c45170b13f44126996fbdec8d1119e3f9d1012ddc23afa5aThis write up documents an analysis of the current Java zero-day floating around that affects version 7 update 10.
570d0ab91ce6ae4fe76761c04da03a7343f5d11d4f9bf2f3e155de151060f50cThis archive details security vulnerabilities discovered as a result of Security Explorations digital satellite TV research project. Included are two talks given at Hack In The Box on May 24, 2012 and three cumulative vulnerability reports.
1fd3ff584b7823f4460f137f56dc5958c34980e524ddf116c7852e7a9bc279c6This is a presentation given at Devoxx that goes into detail about the Oracle Java vulnerabilities discussed in SE-2012-01.
49d02139ee9c74682ac34a668af63077f0e2e4b0d473c32bb2104c25866d4982This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.
d00c5da4cf880cde2e84ea74745b16dbc8e7132738d0d05fc29c596259008c0d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed