Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:37 a.m.18 views

CVE-2019-2725

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Services. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS7.7AI score0.99964EPSS
Exploits35References1
Gitee
Gitee
added 2025/07/27 4:5 a.m.101 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CNVD-C-2019-48814 WebLogic wls9-async反序列化远程命令执行漏洞 回显poc for weblogic Patch update: https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html 漏洞复现: http://10.10.20.166:7001/async/AsyncResponseService curl -i http://10.10.20.166:7001/async/favicon.ico CNVD-C-2019-48814...

9.8CVSS7.9AI score0.99993EPSS
Exploits74
The Hacker News
The Hacker News
added 2022/07/01 5:36 a.m.243 views

Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...

9.8CVSS0.6AI score0.99999EPSS
Exploits111
ICS
ICS
added 2022/03/01 12:0 p.m.99 views

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

Summary Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture. • Patch all systems. Prioritize patching known exploited vulnerabilities. • Implement multi-factor authentication. • Use antivirus software. • Develop internal contact lists and...

10CVSS9.9AI score0.99999EPSS
Exploits449References104
The Hacker News
The Hacker News
added 2021/05/08 12:24 p.m.524 views

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild

Cyber operatives affiliated with the Russian Foreign Intelligence Service SVR have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operato...

10CVSS0.4AI score0.99999EPSS
Exploits356
GithubExploit
GithubExploit
added 2020/08/31 2:9 p.m.255 views

Exploit for Injection in Oracle Agile_Plm

Oracle-WLS-Weblogic-RCE CVE-2019-2725 Oracle WLSWeblogic R...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Gitee
Gitee
added 2020/03/31 4:17 p.m.6 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 CVE-2019-2725CNVD-C-2019-48814、WebLogic wls9-async 命令回显 10.3.6 12.1.3 ResultBaseExec.java 用于测试defineClass,将把恶意类从base64还原出来,执行代码,主要是比较方便(可用可不用)。 JDK7u21.java 会生成weblogic-2019-272512.1.3命令执行.txt中的xml,请使用jdk6编译。 CVE-2019-2725.py 检测命令是否会执行。...

9.8CVSS7.7AI score0.99964EPSS
Exploits35
GithubExploit
GithubExploit
added 2019/12/12 3:9 a.m.148 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725-POC CVE-2019-2725-POC Modif...

9.8CVSS7.3AI score0.99964EPSS
Exploits35
Openbugbounty
Openbugbounty
added 2019/10/13 5:45 p.m.17 views

myblog.boscolo.it Improper Access Control vulnerability

Open Bug Bounty ID: OBB-993038 Security Researcher 0xrocky Helped patch 1796 vulnerabilities Received 7 Coordinated Disclosure badges Received 5 recommendations , a holder of 7 badges for responsible and coordinated disclosure, found a security vulnerability affecting myblog.boscolo.it website an...

0.2AI score
Exploits0
GithubExploit
GithubExploit
added 2019/08/23 1:42 a.m.508 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 WebLogic Universal Exploit - CVE-2017-3506 / CVE...

9.8CVSS9.5AI score0.99993EPSS
Exploits83
GithubExploit
GithubExploit
added 2019/06/24 8:33 a.m.166 views

Exploit for Injection in Oracle Agile_Plm

WebLogic CVE-2019-2725, CVE-2019-2729 – POC Execute comman...

9.8CVSS7.3AI score0.99964EPSS
Exploits44
myhack58
myhack58
added 2019/06/18 12:0 a.m.231 views

WebLogic Server re-aeration at high risk 0 day vulnerability-a vulnerability warning-the black bar safety net

6 May 11, Ali cloud security team found WebLogic CVE-2019-2725 patch to bypass the 0day vulnerabilities, and First Time reported in Oracle official, 6 January 12, get Oracle official confirmation. Since Oracle has not yet released an official patch, vulnerability details and real PoC are not...

7.5CVSS9AI score0.99964EPSS
Exploits35
myhack58
myhack58
added 2019/06/17 12:0 a.m.442 views

WebLogic deserialization 0day vulnerability CVE-2019-2725 patch to bypass)early warning-vulnerability warning-the black bar safety net

2019 06 May 15, 360CERT monitored in the field of Oracle Weblogic remote deserialize command execution vulnerability, the vulnerability to bypass the latest Weblogic patch(CVE-2019-2725, the attacker can send a carefully constructed malicious HTTP request, unauthorized remote execution of command...

7.5CVSS2.6AI score0.99964EPSS
Exploits35
GithubExploit
GithubExploit
added 2019/06/16 6:17 a.m.157 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 bypass tips coded in python3,payloadhereh...

9.8CVSS8.4AI score0.99964EPSS
Exploits35
GithubExploit
GithubExploit
added 2019/05/29 1:57 a.m.179 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 CVE-2019-2725 CNVD-C-2019-48814; WebLogic wls...

9.8CVSS7.3AI score0.99964EPSS
Exploits35
Exploit DB
Exploit DB
added 2019/05/08 12:0 a.m.278 views

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...

9.8CVSS9AI score0.99964EPSS
Exploits35
0day.today
0day.today
added 2019/05/07 12:0 a.m.1570 views

Oracle Weblogic Server Deserialization Remote Code Execution Exploit

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS1AI score0.99964EPSS
Exploits35
Saint
Saint
added 2019/05/02 12:0 a.m.208 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
added 2019/05/02 12:0 a.m.967 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

7.5CVSS8.8AI score0.99964EPSS
Exploits35
Saint
Saint
added 2019/05/02 12:0 a.m.118 views

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

9.8CVSS8.8AI score0.99964EPSS
Exploits35
Rows per page
Query Builder