Lucene search
K

19 matches found

GithubExploit
GithubExploit
added 2025/12/17 10:7 a.m.250 views

Exploit for CVE-2015-1427

Penetration Testing Framework !License: MIThttps://img.sh...

10CVSS8.4AI score0.99906EPSS
Exploits117
vulnersOsv
vulnersOsv
added 2022/05/14 2:49 a.m.4 views

at.molindo:esi4j (>=0.3.0 <=0.3.2), be.thematchbox:AbstractRiver (=1.0.1) +267 more potentially affected by CVE-2015-1427 via org.elasticsearch:elasticsearch (>=0.6.0 <=1.3.7)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.3.0, =1.0.0, =0.0.1, =0.1.13, =0.1.1, =0.8.1, =0.1.0, =1.0, =1.0.0, =1.1.2, =1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2015-1427 Source advisory: OSV:GHSA-W94P-6MHW-4QXW...

9.8CVSS8AI score0.99906EPSS
Exploits19
vulnersOsv
vulnersOsv
added 2022/05/14 2:49 a.m.4 views

at.molindo:esi4j (>=1.0.0 <=1.0.2), com.blinkbox.books:elastic-http_2.11 (=0.0.12) +135 more potentially affected by CVE-2015-1427 via org.elasticsearch:elasticsearch (>=1.4.0 <=1.4.2)

org.elasticsearch:elasticsearch MAVEN version =1.4.0, =1.0.0, =1.9.0, =1.7, =1.4.0, =2.0.3, =0.0.19, =2.15, =1.4.0, =1.4.0, =1.4.11 - com.spruenker:elastic-feeder2.10 =1.1.1 and more Source cves: CVE-2015-1427 Source advisory: OSV:GHSA-W94P-6MHW-4QXW...

9.8CVSS7.4AI score0.99906EPSS
Exploits19
VulnCheck KEV
VulnCheck KEV
added 2019/04/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2015-1427

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands...

9.8CVSS7.6AI score0.99906EPSS
Exploits19References1
myhack58
myhack58
added 2018/12/14 12:0 a.m.299 views

Crypto currency mining machine using Elasticsearch vulnerability propagation-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene search server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache license under the terms of the open source release, is the current popular...

7.5CVSS0.1AI score0.99906EPSS
Exploits29
GithubExploit
GithubExploit
added 2017/01/09 8:8 p.m.5 views

Exploit for CVE-2015-1427

Elasticsearch 1.4.0 1.4.2 Remote Code Execution Elastics...

9.8CVSS8.4AI score0.99906EPSS
Exploits19
Check Point Advisories
Check Point Advisories
added 2015/10/19 12:0 a.m.13 views

Elasticsearch Sandbox Escape Command Execution (CVE-2015-1427)

A remote command execution RCE vulnerability exists in the Groovy scripting engine in Elasticsearch. The vulnerability is due to certain scripts bypassing the sandbox protection mechanism. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted request...

7.5CVSS4.1AI score0.99906EPSS
Exploits19
Nmap
Nmap
added 2015/05/21 10:2 a.m.723 views

http-vuln-cve2015-1427 NSE Script

This script attempts to detect a vulnerability, CVE-2015-1427, which allows attackers to leverage features of this API to gain unauthenticated remote code execution RCE. Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have a vulnerability in the Groovy scripting engine. The vulnerability allow...

10CVSS9.7AI score0.99906EPSS
Exploits52
Exploit DB
Exploit DB
added 2015/03/16 12:0 a.m.303 views

ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...

9.8CVSS9.8AI score0.99906EPSS
Exploits19
OpenVAS
OpenVAS
added 2015/03/12 12:0 a.m.148 views

Elastic Elasticsearch < 1.3.8, 1.4.x < 1.4.3 Groovy Scripting Engine Unauthenticated RCE Vulnerability - Active Check

Elastic Elasticsearch is prone to an unauthenticated remote code execution RCE. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.7AI score0.99906EPSS
Exploits19References6
Packet Storm
Packet Storm
added 2015/03/12 12:0 a.m.185 views

ElasticSearch Search Groovy Sandbox Bypass

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...

7.5CVSS0.99906EPSS
Exploits19
0day.today
0day.today
added 2015/03/12 12:0 a.m.150 views

ElasticSearch Unauthenticated Remote Code Execution Exploit

Exploit for linux platform in category remote exploits !/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set...

7.5CVSS0.2AI score0.99906EPSS
Exploits19
Packet Storm
Packet Storm
added 2015/03/12 12:0 a.m.644 views

ElasticSearch Unauthenticated Remote Code Execution

!/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set editing-mode vi' version = "20150309.1" def banner: print...

7.5CVSS0.4AI score0.99906EPSS
Exploits19
Exploit DB
Exploit DB
added 2015/03/11 12:0 a.m.253 views

ElasticSearch - Remote Code Execution

!/bin/python2 coding: utf-8 Author: Darren Martyn, Xiphos Research Ltd. Version: 20150309.1 Licence: WTFPL - wtfpl.net import json import requests import sys import readline readline.parseandbind'tab: complete' readline.parseandbind'set editing-mode vi' version = "20150309.1" def banner: print...

9.8CVSS9.5AI score0.99906EPSS
Exploits19
Circl
Circl
added 2015/03/11 12:0 a.m.16 views

CVE-2015-1427

creationtimestamp| type| source ---|---|--- 2015-03-11 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36337 2015-03-16 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36415 2017-07-11 02:04:41+00:00| published-proof-of-concept| https://t.me/HackingPublicoficial/162...

9.8CVSS7.3AI score0.99906EPSS
In wildExploits19References12
securityvulns
securityvulns
added 2015/02/22 12:0 a.m.211 views

Elasticsearch vulnerability CVE-2015-1427

Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigne...

7.5CVSS1.6AI score0.99906EPSS
Exploits19
canvas
canvas
added 2015/02/17 3:59 p.m.126 views

Immunity Canvas: ELASTICSEARCH_CVE_2015_1427

Name| elasticsearchCVE20151427 ---|--- CVE| CVE-2015-1427 Exploit Pack| CANVAS Description| elasticsearchCVE-2015-1427 Notes| CVE Name: CVE-2015-1427 VENDOR: elastic Notes: Elasticsearch versions 1.3.x before 1.3.8 and 1.4.x before 1.4.3 have dynamic scripting features enabled by default using...

7.5CVSS1.1AI score0.99906EPSS
Exploits19
Vulnrichment
Vulnrichment
added 2015/02/17 3:0 p.m.14 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.4AI score0.99906EPSS
Exploits19References8
CVE
CVE
added 2015/02/17 3:0 p.m.1260 views

CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...

9.8CVSS9.2AI score0.99906EPSS
In wildExploits19References9Affected Software1
Rows per page
Query Builder