A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected components include SAP Netweaver JAVA versions 7.30 through 7.50 and LM CONFIGURATION WIZARD versions 7.30 SP019 Patch 0000, 7.30 SP020 Patch 0000, 7.31 SP023 Patch 0000, 7.31 SP024 Patch 0000, 7.31 SP025 Patch 0000, 7.31 SP026 Patch 0000, 7.40 SP018 Patch 0000, 7.40 SP019 Patch 0000, 7.40 SP020 Patch 0000, 7.40 SP021 Patch 0000, 7.50 SP012 Patch 0001 and lower, 7.50 SP013 Patch 0002 and lower, 7.50 SP014 Patch 0001 and lower, 7.50 SP015 Patch 0001 and lower, 7.50 SP016 Patch 0001 and lower, 7.50 SP017 Patch 0001 and lower, and 7.50 SP018 Patch 0000.
978750433543ec4b63047fcf6b6926f902e63282e32e39e3576f962e8997c767
Zero Day Initiative Advisory 12-142 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BasicService.showDocument Java Webstart function. This function allows additional parameters to be passed to the browser. Depending on which browser the user has set as default browser this could lead to remote code execution under the context of the current user.
4b4d0a01355713d6b9b2023bec9de5d8a94b9df2193510d724d023512bc800da
Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.
6bedf1fbba1ca220222bc6be3b897176d50aac02f53df2ed5328792dd158289c
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
64a709b58b6ee61639d0b91751fa1370fb95af75e8e2c731bae64a2534aa2be5
HP Security Bulletin HPSBUX02805 SSRT100919 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.
849562f0237617b7508b5218fea45645aedcf54cee94899fb36a71e7fbb6f633
Ubuntu Security Notice 1524-1 - A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
cbaae6919431428ce28f0525f8b4610c12e3488e31906a3c083d3654bfca78e3
This is a brief whitepaper discussing how to BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious java applet in order to gain a reverse shell on Windows 7.
c465ce76e11d434cefe598ce9ad6f6709a3c029e5620d87ca6bb83721ba8d677
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
This Metasploit module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code.
aaf1f1bff58af8d0e890f965766d5618a2de8a76a4a4edc1da853071f2054364
Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.
501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Red Hat Security Advisory 2012-1132-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. An uninitialized pointer use flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could possibly cause a web browser using the IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute arbitrary code. It was discovered that the IcedTea-Web plug-in incorrectly assumed all strings received from the browser were NUL terminated. When using the plug-in with a web browser that does not NUL terminate strings, visiting a web page containing a Java applet could possibly cause the browser to crash, disclose a portion of its memory, or execute arbitrary code.
a5d84dba4b2247a80c32799c231d8fc28d3b015060f969744e150eb90894b4b2
Spark IM client version 2.6.3 suffers from a cryptography failure where the key for encrypting the passwords is stored statically in Encryptor.java. Tool included that will recover usernames and passwords.
9782253ae9795fa6cba9d6a8e3b03d59608adabe717e35b82a175473cd0bfd36
Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.
78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Ubuntu Security Notice 1512-1 - It was discovered that KDE PIM html renderer incorrectly enabled JavaScript, Java and Plugins. A remote attacker could use this flaw to send an email with embedded JavaScript that possibly executes when opened.
0eb443866af01d8f0bed2a8e0d40c11f7d181c581505d2a58166201be1c354b9
Red Hat Security Advisory 2012-1080-01 - The IBM Java SE version 1.4.2 release includes the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 1.4.2 Runtime Environment and the IBM Java 1.4.2 Software Development Kit.
91d7fea7aa7d7b39fe7a3a9a4e3d7288cafa175bf77962bef334da06bf3382aa
Ubuntu Security Notice 1505-1 - It was discovered that multiple flaws existed in the CORBA (Common Object Request Broker Architecture) implementation in OpenJDK. An attacker could create a Java application or applet that used these flaws to bypass Java sandbox restrictions or modify immutable object data. It was discovered that multiple flaws existed in the OpenJDK font manager's layout lookup implementation. A attacker could specially craft a font file that could cause a denial of service through crashing the JVM (Java Virtual Machine) or possibly execute arbitrary code. Various other issues were also addressed.
d9174e9a4ed57d8cbb518a50151cad98d40855786e4a1d98cef9256e2cf24668
The *toStaticHTML* component, which is found in Internet Explorer versions greater than 8, SharePoint and Lync is used to sanitize HTML fragments from dynamic and potentially malicious content. An attacker is able to create a specially formed CSS that will overcome * toStaticHTML*'s security logic; therefore, after passing the specially crafted CSS string through the *toStaticHTML* function, it will contain an expression that triggers a JavaScript call.
250fdc51b42fbad45e46c18cf75919ff7aaf7e27a4da2764383c71b6233a3cdb
Red Hat Security Advisory 2012-1057-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
5cfe82490f9e0d9ea42e665a6f4f6f6991026f15dc3ddf2d39550a062b1c56c5
Red Hat Security Advisory 2012-1059-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
e3a2bf9a1dc1efec91da14d3163b81d65b43040761d051feb37bae44cdf25454
Red Hat Security Advisory 2012-1056-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
6557059760455431acac8d483403f3918f56868f81fd392dee90b7d5ddc1473c
Red Hat Security Advisory 2012-1058-01 - RESTEasy provides various frameworks to help you build RESTful web services and RESTful Java applications. It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.
05f9c0682e27949bf1f2becff450f31daba1cdb97b54e04910f8671124a8f236
Debian Linux Security Advisory 2507-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.
b0244e3fc8a1587ecc002656ff83e52a4aae4842334ff06a0187de6bedf0d996
Secunia Security Advisory - SUSE has issued an update for java-1_6_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
c69a6a41c568caeb37ce779688ba670d5622030be3c77a152e13ea4f1c4f3458
This Metasploit module exploits an authentication bypass vulnerability in the administration console of Openfire servers. By using this vulnerability it is possible to upload/execute a malicious Openfire plugin on the server and execute arbitrary Java code. This Metasploit module has been tested against Openfire 3.6.0a. It is possible to remove the uploaded plugin after execution, however this might turn the server in some kind of unstable state, making re-exploitation difficult. You might want to do this manually.
f96c770e59d9d05308428a0fe45cb31107b3064402edcf2653bd604b617ffe44
Secunia Security Advisory - Debian has issued an update for libspring-2.5-java. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
c55aa8555cb0c5ce86342ab8be4ea4ffeeb2e4a103e6ff47c7bd60dd3dc079d1
Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.
c2aeee9d3f479037cf3a1177e445be5a6068ad94532c3d4c68af96ada0b39421