exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files from Marc Schoenefeld

Email addressmarc.schoenefeld at gmx.org
First Active2002-06-10
Last Active2009-05-27
OS X Java Hardening
Posted May 27, 2009
Authored by Marc Schoenefeld

Quick write up discussing how you can harden OS X to protect yourself from the recent Java vulnerability.

tags | paper, java
systems | apple, osx
advisories | CVE-2008-5353
SHA-256 | 36bfdf78c6bf5ae2dde784a8130e4b9a24a88e86824fa590483c0cd9490d32e0
DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf
Posted Oct 9, 2006
Authored by Marc Schoenefeld | Site conference.hitb.org

HITBSecConf2006 Presentation - Pentesting Java/J2EE - Discovering Remote Holes.

tags | java, remote
SHA-256 | 1415cf54b295ce5b73fb813b0ebf680add2c464363512687c557911aa8ecc12a
opera850DoS.txt
Posted Dec 2, 2005
Authored by Marc Schoenefeld

Opera 8.50 is susceptible to a denial of service condition via an applet.

tags | advisory, denial of service
SHA-256 | 935a51472ab3bd6c59b138c3c68c739c9d4623061a00d164c3b0f659f1aea147
parosproxy.txt
Posted Nov 5, 2005
Authored by Marc Schoenefeld

There is a vulnerability with how JDK is used with Parosproxy that allows the JDBC to be used as an attack path.

tags | advisory
SHA-256 | 4f3fa44948cb97b0233e4284486e6b495f394d9dbae1b2fe29d244a601741407
jboss402dos.txt
Posted Nov 5, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

Advisory regarding the ability to denial of service JBoss 4.0.2 with serialized java object due to vulnerabilities in JDK 1.4.2.

tags | advisory, java, denial of service, vulnerability
SHA-256 | fb2df7f6d6ed871ffdb6e6a6ce634c2afd1a1a8f0e55f406bcd1e6987245d89f
TT-Marc-Schoenefeld-Secure-Java-Programming.zip
Posted Oct 11, 2005
Authored by Marc Schoenefeld

Secure Java Programming - The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.

tags | java
SHA-256 | bfb10720627d3dc700ef445feae88f44314c35a60fde542354635e8898180b8c
Xcon2005_Marc_Schoenefeld.pdf
Posted Aug 31, 2005
Authored by Marc Schoenefeld | Site xcon.xfocus.org

Xcon 2005: Java & Secure Programming

tags | java
SHA-256 | d6b3ac72fd172c204d6d57072918910fec85af743030e6cc24440b1c52cf37dd
jBPM20.txt
Posted Jul 7, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

JBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.

tags | advisory, remote
SHA-256 | b6366cd9f0cc53fbd4d73248a7eb8dce5d3fc8b82e395db714cead860175645d
mac_osx_java_jre_deserialization.txt
Posted Apr 17, 2005
Authored by Marc Schoenefeld | Site illegalaccess.org

MacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.

tags | advisory, java, remote, denial of service
SHA-256 | 9240b9c36216337500ad4e6dfbbd857f177a6bbbc8ca8a2b74647cc9add4b812
57707.txt
Posted Dec 31, 2004
Authored by Marc Schoenefeld

A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Shoenefeld who discovered the flaw.

tags | advisory, java
SHA-256 | 9cf73029ae65a9c940c9cc21f96e0bd049756e8dd0f54bec1a662a8e2357de33
opera754.txt
Posted Nov 20, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.

tags | advisory, java, denial of service
SHA-256 | 1f4ec2410d1b05e6a1c8e4034bf16cf1d34b5675d0c35d73f31016c81d7cf149
57613.html
Posted Aug 5, 2004
Authored by Marc Schoenefeld | Site sunsolve.sun.com

Sun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.

tags | advisory, java
SHA-256 | 441d16f4938f5f20a31b65a37e706bd5bb719aa73130e7418c55e5fea7934e5d
covert.txt
Posted Jul 12, 2004
Authored by Marc Schoenefeld

The Microsoft Java Virtual Machine suffers from a cross-site communication vulnerability that allows Java applets originating from different domains to communicate.

tags | advisory, java
SHA-256 | 1ac451abafed1ae8f6d56e153fc9d3e676e21a33c0eeff20a26841bdf18887e3
sunjavaapp.txt
Posted May 28, 2004
Authored by Marc Schoenefeld

Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.

tags | advisory, java
SHA-256 | 80f7cd44aca210a567313a3abe3eec919dc378cf120eb973210189e875ca9082
IBM.cloudscape.txt
Posted Feb 5, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

IBM cloudscape SQL Database (DB2J) version 5.1 on Windows with jdk 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.

tags | advisory, remote, denial of service
systems | windows
SHA-256 | c978f42930b6ec8b774c8919d065e66eb3f5f2a2502016807c1aba06dba01d78
j2ee.pointbase.txt
Posted Jan 19, 2004
Authored by Marc Schoenefeld | Site illegalaccess.org

Attached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus giving all jars implicitly all permissions. These unlimited permissions can be exploited by an attacker using jdbc to crash the jvm running the pointbase server. Further exploitations possible are information disclosure and remote command injection.

tags | exploit, remote, info disclosure
SHA-256 | dce14b7ba6ef63416061596683c967a3e51ca10f2c1f0204a348921ccdd803ca
openoffice110.txt
Posted Oct 9, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

Illegalaccess.org Security Alert - Openoffice 1.1.0 is vulnerable to a denial of service attack when enabled and a TCP connection to the daemon gets fed a bunch of zeroes.

tags | exploit, denial of service, tcp
SHA-256 | f0e475822a5cb5d02bafd4ef52b5d3bcc86b303db8dcd07cd2bef486b0ce779b
jboss.txt
Posted Oct 6, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

Illegalaccess.org Security Alert - JBoss 3.2.1, the Java server for running J2EE enterprise applications, is vulnerable to denial of service attacks, log manipulation, manipulation of process variables, and arbitrary command injection.

tags | advisory, java, denial of service, arbitrary
SHA-256 | 55f58d333af30e5d98fa812f5f028f618ac98fb90bf33ce53c06b5ffbb621018
JBoss.txt
Posted Jun 3, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

Boss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.

tags | exploit
SHA-256 | 5fa351f9ce58e57f2eea703a4be52cd1c81ec605244c7ecb9a5c8efb1cfdf9cf
beauchamp02032003.txt
Posted Feb 11, 2003
Authored by Marc Schoenefeld | Site illegalaccess.org

A specially constructed Java Applet crashes Opera versions 6.05 and 7.01. Opera's own class files in the opera.jar library are susceptible to a buffer overrun which causes a JVM crash and then crashes Opera.

tags | exploit, java, overflow
SHA-256 | 348fa9d0eb2e4f65de49b13f851cd88cba36942bf730efaae4b722eecbce6fa8
jvm-1.3.crash.txt
Posted Jun 10, 2002
Authored by Marc Schoenefeld

This simple java program crashes the VM (at least 1.3.1-b24) on W2K, and is another example of Java-Frontier Bugs.

tags | exploit, java
SHA-256 | 6f26c966da14268cd5e14f4a814470f95cfd0613135a33dbef76e8ce95c142f9
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close