U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== This report describes a vulnerability similar to that described in my other reports 329376, 329397, 329399 The DoD https://████/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks D...

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== The DoD https://███/psc/EXPROD/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks DoS over a Java Object Deserialization CWE-502 in the “monitor” service. Thus an attacker can generate and se...

U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

SUMMARY: ==================== The DoD https://██████/psc/EXPROD1/ Web System uses the Oracle PeopleSoft platform which is vulnerable to Remote Code Execution RCE and Denial of Service Attacks DoS over a Java Object Deserialization CWE-502 in the “monitor” service. Thus an attacker can generate an...

Oracle PeopleSoft 8.5x - Remote Code Execution Vulnerability

Exploit for java platform in category web applications Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux...

Oracle PeopleSoft 8.5x Remote Code Execution

Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE : CVE-2017-10366...

Oracle PeopleSoft 8.5x - Remote Code Execution

Oracle PeopleSoft 8.5x - Remote Code Execution Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE :...

Oracle PeopleSoft 8.5x - Remote Code Execution

Exploit Title: RCE vulnerability in monitor service of PeopleSoft 8.54, 8.55, 8.56 Date: 30 Oct 2017 Exploit Author: Vahagn Vardanyan Vendor Homepage: Oracle Software Link: Oracle PeopleSoft Version: 8.54, 8.55, 8.56 Tested on: Windows, Linux CVE : CVE-2017-10366...

CVE-2017-10366

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Performance Monitor. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2017-10366

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products subcomponent: Performance Monitor. Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2017-10366

Summary (mode C): The CVE-2017-10366 vulnerability affects Oracle PeopleSoft 8.54, 8.55, and 8.56 in the monitor service of PeopleSoft PT PeopleTools. It enables unauthenticated remote code execution and denial of service via Java object deserialization in the monitor path, with PoCs showing DNS ...

Critical Code Execution Flaw Patched in PeopleSoft Core Engine

Organizations that have their PeopleSoft installations exposed to the internet should pay special attention to a remote code execution vulnerability patched on Tuesday as part of Oracle’s massive quarterly Critical Patch Update. The flaw, CVE-2017-10366, allows an attacker to gain remote code...