768 matches found
Apache James java deserialization arbitrary command execution vulnerability
Apache James is a pure Java SMTP and POP3 mail server and NNTP news server. A security vulnerability in the Apache James JMX server's handling of Java deserialization allows an attacker to exploit the vulnerability to construct special requests to execute arbitrary code in the context of an...
CVE-2017-12628
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...
CVE-2017-12628
CVE-2017-12628 : The JMX server embedded in Apache James is vulnerable to a Java deserialization issue in its JMX handling, enabling arbitrary command execution. The description notes this is limited to local escalation since JMX is bound to localhost by default, with the vendor upgrade to a fixe...
HP UCMDB Server BeanUtils Java Deserialization RCE
The HP Universal Configuration Management Database (UCMDB) Server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons BeanUtils library. An unauthenticated, remote attacker can exploit...
ERS Data System 1.8.1 - Java Deserialization Exploit
Exploit for windows platform in category remote exploits Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0...
ERS Data System 1.8.1 Java Deserialization
Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0 Tested on: Windows 7 x86 CVE : CVE-2017-14702 Description: E...
Oracle WebLogic Server Java Deserialization Remote Code Execution
Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affected Version...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Exploit
Exploit for java platform in category remote exploits Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage:...
ScrumWorks Pro 6.7.0 RCE Vulnerability
ScrumWorks Pro is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
ERS Data System 1.8.1 - Java Deserialization
Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0 Tested on: Windows 7 x86 CVE : CVE-2017-14702 Description: E...
HPE < 7.2 - Java Deserialization Exploit
Exploit for java platform in category remote exploits #!/usr/bin/env python HPE/H3C IMC - Java Deserialization Exploit Version 0.1 Tested on Windows Server 2008 R2 Name HPE/H3C IMC Intelligent Management Center Java 1.8.091 Author: Raphael Kuhn Daimler TSS Special thanks to: Jan Esslinger @Hngan f...
HPE 7.2 - Java Deserialization
HPE 7.2 - Java Deserialization #!/usr/bin/env python HPE/H3C IMC - Java Deserialization Exploit Version 0.1 Tested on Windows Server 2008 R2 Name HPE/H3C IMC Intelligent Management Center Java 1.8.091 Author: Raphael Kuhn Daimler TSS Special thanks to: Jan Esslinger @Hngan for the websphere exploi...
HPE < 7.2 - Java Deserialization
#!/usr/bin/env python HPE/H3C IMC - Java Deserialization Exploit Version 0.1 Tested on Windows Server 2008 R2 Name HPE/H3C IMC Intelligent Management Center Java 1.8.091 Author: Raphael Kuhn Daimler TSS Special thanks to: Jan Esslinger @Hngan for the websphere exploit this one is based upon import...
Adobe Patches Two Critical RCE Vulnerabilities in Flash Player
Adobe may kill Flash Player by the end of 2020, but until then, the company would not stop providing security updates to the buggy software. As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in its three products, including two vulnerabilities ...
APSB17-30 Security update available for ColdFusion
Adobe has released security updates for ColdFusion version 11 and the 2016 release. These updates address a critical XML parsing vulnerability (CVE-2017-11286), an important cross-site scripting vulnerability (CVE-2017-11285) that could lead to information disclosure and a mitigation for unsafe Java...
Apache Struts 2 REST Plugin XStream Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 REST Plugin XStream RCE', 'Description' = %q Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a...
Struts2 S2-052 (CVE-2017-9805) remote code execution vulnerability research - vulnerability warning - the black bar safety net
The Struts2 S2-052 remote code execution vulnerability differs from previous Struts2 vulnerabilities: S2-052 exploits a Java deserialization flaw rather than the notorious OGNL. The vulnerability is triggered when the REST plug-in parses the XML file in the request, ca...
CVE-2017-1000034
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
Jenkins 1.650 - Java Deserialization
Jenkins 1.650 - Java Deserialization import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date:...