Quantcast
Channel: Files from Matthias Kaiser ≈ Packet Storm
Browsing all 9 articles
Browse latest View live

Java Statement.invoke() Trusted Method Chain Exploit

:0
:0
August 23, 2010, 5:12 pm

This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and...

View Article
Search

Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

:0
:0
September 8, 2010, 7:05 pm

This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context. The...

View Article

Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit

:0
:0
November 22, 2010, 5:08 pm

This Metasploit module exploits a vulnerability in Java Runtime Environment that allows an attacker to escape the Java Sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl...

View Article

Java Applet ProviderSkeleton Insecure Invoke Method

:0
:0
June 26, 2013, 6:56 pm

This Metasploit module abuses the insecure invoke() method of the ProviderSkeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java...

View Article

IPass Control Pipe Remote Command Execution

:0
:0
March 12, 2015, 6:42 pm

This Metasploit module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force...

View Article

Apache Flex BlazeDS 4.7.0 XML Entity Expansion

:0
:0
August 22, 2015, 6:33 am

When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted...

View Article

Apache Qpid Untrusted Input Deserialization

:0
:0
July 2, 2016, 6:13 am

When applications call getObject() on a consumed JMS ObjectMessage they are subject to the behaviour of any object deserialization during the process of constructing the body to return. Unless the...

View Article

Jenkins CLI HTTP Java Deserialization

:0
:0
May 16, 2018, 3:17 pm

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins, which allows remote arbitrary code execution via HTTP. Authentication is not required to...

View Article
Search

Apache Struts 2 Forced Multi OGNL Evaluation

:0
:0
December 24, 2020, 9:31 am

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will...

View Article
Browsing all 9 articles
Browse latest View live
More Pages to Explore .....
Search

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm
Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am
Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am
Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm
Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm
19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am
Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm