Lucene search
K

13 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:13 p.m.8 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.8CVSS8.1AI score0.99783EPSS
Exploits10References1
Hacker One
Hacker One
added 2024/09/26 8:25 a.m.13 views

U.S. Dept Of Defense: CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/

CVE-2020-7961 was a remote code execution vulnerability in Liferay Portal. The vulnerability was exploited through the "/api/jsonws/invoke" endpoint, which allowed unauthenticated users to execute arbitrary commands on the server...

9.8CVSS9.9AI score0.99783EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2021/11/23 12:0 a.m.755 views

Liferay Portal 6.2.x < 6.2.5 / 7.0.x < 7.0.6 / 7.1.x < 7.1.3 / 7.2.x < 7.2.1 RCE

The version of Liferay Portal installed on the remote host is affected by a remote code execution vulnerability in its JSON web services component. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus has not tested for thi...

9.8CVSS9.6AI score0.99783EPSS
Exploits10References2
GithubExploit
GithubExploit
added 2021/01/14 7:18 p.m.187 views

Exploit for Deserialization of Untrusted Data in Liferay Liferay_Portal

CVE-2020-7961 Exploit script for CVE-2020-7961 Unauthenticated...

9.8CVSS10AI score0.99783EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/07/12 12:0 a.m.533 views

Liferay Portal Remote Code Execution

Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...

7.5CVSS0.1AI score0.99783EPSS
Exploits10
0day.today
0day.today
added 2020/07/12 12:0 a.m.1635 views

Liferay Portal Remote Code Execution Exploit

Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface. Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Vendor: Link:...

9.8CVSS9.5AI score0.99783EPSS
Exploits10
0day.today
0day.today
added 2020/04/16 12:0 a.m.526 views

Liferay Portal Java Unmarshalling Remote Code Execution Exploit

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1. This module requires Metasploit: https://metasploit.com/download Current...

9.8CVSS0.5AI score0.99783EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/04/15 12:0 a.m.343 views

Liferay Portal Java Unmarshalling Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Lifer...

7.5CVSS0.7AI score0.99783EPSS
Exploits10
Circl
Circl
added 2020/03/30 1:40 p.m.11 views

CVE-2020-7961

creationtimestamp| type| source ---|---|--- 2020-03-30 13:40:04+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/4056 2020-04-15 04:46:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/liferayjavaunmarshalling.rb 2020-04-16...

9.8CVSS7.5AI score0.99783EPSS
Exploits10References18
OSV
OSV
added 2020/03/20 7:15 p.m.10 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.8CVSS9.9AI score0.99783EPSS
Exploits10References6
Vulnrichment
Vulnrichment
added 2020/03/20 6:16 p.m.15 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

8AI score0.99783EPSS
Exploits10References5
CVE
CVE
added 2020/03/20 6:16 p.m.1716 views

CVE-2020-7961

The CVE-2020-7961 issue affects Liferay Portal’s JSONWS deserialization of untrusted data, enabling unauthenticated remote code execution. Vulnerable software is Liferay Portal prior to 7.2.1 CE GA2, where the root cause is unsafe deserialization in JSONWebServiceActionParameters processed via JS...

9.8CVSS9.7AI score0.99783EPSS
In wildExploits10References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/03/20 12:0 a.m.198 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS. Recent assessments: wvu-r7 at April 08, 2020 6:31pm UTC reported: A Metasploit module has been written:...

10CVSS9.8AI score0.99783EPSS
In wildExploits16References9
Rows per page
Query Builder