13 matches found
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...
U.S. Dept Of Defense: CVE-2020-7961 RCE Liferay Portal Unauthenticated via https://████████/
CVE-2020-7961 was a remote code execution vulnerability in Liferay Portal. The vulnerability was exploited through the "/api/jsonws/invoke" endpoint, which allowed unauthenticated users to execute arbitrary commands on the server...
Liferay Portal 6.2.x < 6.2.5 / 7.0.x < 7.0.6 / 7.1.x < 7.1.3 / 7.2.x < 7.2.1 RCE
The version of Liferay Portal installed on the remote host is affected by a remote code execution vulnerability in its JSON web services component. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus has not tested for thi...
Exploit for Deserialization of Untrusted Data in Liferay Liferay_Portal
CVE-2020-7961 Exploit script for CVE-2020-7961 Unauthenticated...
Liferay Portal Remote Code Execution
Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...
Liferay Portal Remote Code Execution Exploit
Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface. Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Vendor: Link:...
Liferay Portal Java Unmarshalling Remote Code Execution Exploit
This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1. This module requires Metasploit: https://metasploit.com/download Current...
Liferay Portal Java Unmarshalling Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Lifer...
CVE-2020-7961
creationtimestamp| type| source ---|---|--- 2020-03-30 13:40:04+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/4056 2020-04-15 04:46:00+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/liferayjavaunmarshalling.rb 2020-04-16...
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...
CVE-2020-7961
The CVE-2020-7961 issue affects Liferay Portal’s JSONWS deserialization of untrusted data, enabling unauthenticated remote code execution. Vulnerable software is Liferay Portal prior to 7.2.1 CE GA2, where the root cause is unsafe deserialization in JSONWebServiceActionParameters processed via JS...
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS. Recent assessments: wvu-r7 at April 08, 2020 6:31pm UTC reported: A Metasploit module has been written:...