93 matches found
CVE-2016-2510
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
UBUNTU-CVE-2016-2510
BeanShell bsh before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...
bsh -- remote code execution vulnerability
Stian Soiland-Reyes reports: This release fixes a remote code execution vulnerability that was identified in BeanShell by Alvaro Muñoz and Christian Schneider. The BeanShell team would like to thank them for their help and contributions to this fix! An application that includes BeanShell on the...
SRC-2015-0003 : Oracle Endeca Tools and Frameworks AMF Request Beanshell Script Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Tools and Frameworks. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific fla...
JBoss JMX Console Beanshell Deployer WAR Upload and Deployment
This module can be used to install a WAR file payload on JBoss servers that have an exposed "jmx-console" application. The payload is put on the server by using the jboss.system:BSHDeployer's createScriptDeployment method. This module requires Metasploit: https://metasploit.com/download Current...
JBoss JMX Console Beanshell Deployer WAR upload and deployment
No description provided by source. $Id: jbossbshdeployer.rb 11533 2011-01-10 14:34:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
OpenKM Document Management System 5.1.7 Command Execution
No description provided by source. COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable...
Cisco/Protego CS-MARS < 4.2.1 (JBoss) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Cisco/Protego CS-MARS 4.2.1 remote command execution, system compromise via insecure JBoss installation. Fully functional POC code by Jon Hart [email protected] Addressed in CSCse47646 CS-MARS is an event correlation product originally written by...
Andiparos - Security tool that can be used for web application security assessments
Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The advantage of Andiparos is mainly the support of Client Certificates ...
BeanShell Remote Server Mode Arbitrary Code Execution
The remote host is running a BeanShell interpreter in remote server mode. This allows network clients to connect to the interpreter and execute BeanShell commands and arbitrary Java code. A remote, unauthenticated attacker could exploit this to execute arbitrary code.
OWASP Zed Attack Proxy (ZAP) v.1.3.2 Released
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and...
JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)
$Id: jbossbshdeployer.rb 11533 2011-01-10 14:34:24Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Cisco/Protego CS-MARS < 4.2.1 (JBoss) Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits. Cisco/Protego CS-MARS Addressed in CSCse47646 CS-MARS is an event correlation product originally written by Protego, which is now owned by Cisco. It is built on top of JBos...