So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]
JAVA-security
Oracle Java Cloud Service Vulnerabilities Publicly Disclosed
Security researchers from the Polish firm Security Explorations have released a massive slew of PoC code and technical details on 30 Oracle Java Cloud Service Vulnerabilities. It seems like they had already reported them to Oracle, but weren’t happy with how things were handled, so have decided to go public with the weaknesses. They gave […]
Oracle Releases Emergency Patch for Java Vulnerability
After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To […]
Serious Java Bug Exposes Users To Code Execution
Once again a different attack vector, seems to be the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business-wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to […]
OWASP CodeCrawler – Static Code Review Tool
CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification, a very simple DREAD calculator and few […]