This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.
d00c5da4cf880cde2e84ea74745b16dbc8e7132738d0d05fc29c596259008c0d
Seagate BlackArmor NAS version sg2000-2000.1331 remote command injection exploit.
9a7285a69805f1136bd7054963d9148897967e805a6a67a1cd1ffbf3c3dc7172
School Event Attendance Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.
f24ea62864f99168db534533d904e718eec3104b5d031e784df47f70a33c8549
Seacms version 11.1 suffers from a persistent cross site scripting vulnerability.
35dc5414d3512be6043fbc4971d90695d4fb0bdbc365b5089931b9e2c2e3ca34
Seacms version 11.1 suffers from a local file inclusion vulnerability.
42f308848eea10bd63b353933f6f2d4f0164f9e0439cbcbbae0e052baaa80db6
Seacms version 11.1 suffers from a remote command execution vulnerability.
a50aa9d756c5893f75333e0fee074bbaec1d3742b828e96cb3cbd60e989a5bd6
Seabreeze Consulting version 1 suffers from a cross site scripting vulnerability.
1f3325442680aaec6251278da0daba2e54dbbde77fbdcd6c9e7b6855e46754ab
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle, which is used in the financial, government, transportation and telecommunication sectors, among others. The vulnerabilities make it possible to break the memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, the applet firewall could be broken, or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities, which were originally made public in March of 2019.
22ac20b59483601b9077fb4862bb70d8f034648a969c478415328a8d85326aca
This is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
67d6d552ce4c167529c7cd84de0d0be125a4bdc6728dcd0cc31fb219c9d4011d
This is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
32aca3def4a46b63b9c8e018bba1b57b074ab1a278951e26deaa861e0b140b14
This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.
8d2b759c1b5a470b8d80314d6c5b026ab6eb6c87410e6af99040f73abe993b0f
This is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.
223a793bc15195c628f17c4fc553a3c603a66dd2a1b8dff8b24e298ddc831464
This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.
6c524db6b0b45d01b1e715bfb97219d0ab2f4adb4b4e678d3b24918baa34d69e
Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle, which is used in the financial, government, transportation and telecommunication sectors, among others. The vulnerabilities make it possible to break the memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, the applet firewall could be broken, or native code execution could be gained.
13a1c021f386ea8562db371d87447e51b75f82035a8868806f76394eb2c78f11
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from remote SQL injection vulnerabilities in the media server.
e778b88faf6c13b9ded2dc0b1c5a4d719131745dd2f652b92a0899ab6d72d2b9
SearchBlox version 8.6.7 suffers from an XML external entity injection vulnerability.
5cfa4db51ca79b891f9ff37b4d1c2513f445a1b9f2be8b8903b97a54e4983414
SearchBlox version 8.6.6 suffers from a cross site request forgery vulnerability.
25278c33e75a22e31d96f8b4e5718da4dbacdb00597fb469fef40a4f0f09c1d9
This whitepaper explores the origin and impact of the vulnerabilities discovered in ST chipsets.
43e3f8317f8b138cdcd0529baa9770438b7cca42407128e39c63e9b17552ce46
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from persistent cross site scripting vulnerabilities.
e781553767030bf98f0d576bce042a246fa79981a84c0cfb754a87a6669dfce7
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from a path traversal vulnerability.
5ef896e7b37cb5ccba017088977b813090cb4b99b1764b4ea351316ab3dd7a44
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 allows for moving of arbitrary files.
c10b30b886d514c80a6e95c583657ad577f538056af82102f47d7c966c1721fd
Seagate Personal Cloud suffers from multiple command injection vulnerabilities.
2a336eda64120c4d115233d9b3f5e7d5b8d216683a2d574817c4246464990a07
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability.
f3f389a36fe31dac25043a5e92d7942a029fddff9e00419ed4f652efc9e5e14c
The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.
24180117b921605ffa337bfcd62c889bf47a2e79be4fd3593f12c7031b1258ce
The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48
Security Explorations has released details and a proof of concept to bypass a broken security fix found in the Oracle Java SE fix from September 2013.
01bc25f8f8df246c49b97afca9f4177773fc93680f8d029f118b41c573555d1f