-
Java8u20 RCE gadget. #javadeser @pwntester as always your work is amazing... https://github.com/pwntester/JRE8u20_RCE_Gadget … -
I found a new deserialization endpoint in Tomcat: CVE-2016-8735, same attack vector as my CVE-2016-3427 #javadeser http://seclists.org/oss-sec/2016/q4/502 … -
a little in deep #javadeser with Lab CVE-2015-7501 CVE-2017-7504 CVE-2017-12149 at @h2hconference https://github.com/joaomatosf/JavaDeserH2HC … -
We reviewed some #javadeser vulnerabilities in Android and showed how to find them using QL, these include CVE-2014-7911 (@tehjh), CVE-2015-3825 (@peles_o and @roeehay), CVE-2017-411/412 (@laginimaineb) and a new one CVE-2017-0871: https://lgtm.com/blog/android_deserialization … -
My RCE in Apache Nutch has been fixed. Thanks project team! Combining 2 known issues with 3rd party libraries (CVE-2015-7501 + CVE-2016-6809) #javadeser #supplyChainSecurity -
Write-ups on three recent WebLogic #javadeser RCEs (translated from Chinese): https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fblogs.projectmoon.pw%2F2018%2F10%2F19%2FOracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities%2F … https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=https%3A%2F%2Fmp.weixin.qq.com%2Fs%2FebKHjpbQcszAy_vPocW0Sg … -
Some Java Deserialization Security FAQ - https://christian-schneider.net/JavaDeserializationSecurityFAQ.html#main … to answer dev questions about #JavaDeser - feedback welcome -
Seems like #javadeser is hot again! Two talks with great findings at BlackHat EU this week: https://i.blackhat.com/eu-19/Wednesday/eu-19-An-Far-Sides-Of-Java-Remote-Protocols.pdf … https://i.blackhat.com/eu-19/Thursday/eu-19-Zhang-New-Exploit-Technique-In-Java-Deserialization-Attack.pdf … -
Thanks Tim for having managed this so efficiently. New Java deserialization endpoint #javadeser https://twitter.com/_tallison/status/796719867894386688 … -
Java deserialization endpoint found by Jacob Baines in VMware vRealize Operations http://www.vmware.com/security/advisories/VMSA-2016-0020.html … #javadeser -
ColdFusion #javadeser vuln: "unsafe Java deserialization that could result in remote code execution (CVE-2017-11283, CVE-2017-11284)" https://twitter.com/nickstadb/status/907673124686229505 … -
Some neat #javadeser exploit research here https://twitter.com/_tint0/status/1202565357417967616 … -
Some awesome exploit chaining here, including discovering a new #javadeser gadget https://twitter.com/_tint0/status/1105829944200974336 … -
Deserialization endpoint: IBM WebSphere #javadeser http://seclists.org/fulldisclosure/2016/Oct/43 … -
Pre-auth root RCE #javadeser vuln in Cisco Unity Express. "A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user." https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-cue?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unity%20Express%20Arbitrary%20Command%20Execution%20Vulnerability&vs_k=1 … -
On Saturday 10am at @hackfest_ca I will talk about Java serialization security #javadeser -
Turning Externalizable.readExternal into ObjectInputStream.readObject in AMF #javadeser http://codewhitesec.blogspot.com/2017/04/amf.html … pic.twitter.com/CIY8Q7n5CL
-
Pure JRE 8u20 #javadeser RCE gadget. Nice work @pwntester! https://twitter.com/pwntester/status/748658544598212608 … -
PoC for #javadeser attacks on Android apps. Beware of your dependencies if you use Intent extras. By @vollkorn1982 & @mod0 https://github.com/modzero/modjoda/blob/master/README.md … -
Nice to see the video of our AppSecEU talk about Java deserialization released // cc @pwntester #javadeser https://www.youtube.com/watch?v=m1sH240pEfw&feature=share …