11 matches found
Deserialization of Untrusted Data in Liferay Portal
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)...
Exploit for Deserialization of Untrusted Data in Liferay Liferay_Portal
CVE-2020-7961 Exploit script for CVE-2020-7961 Unauthenticated...
Liferay Portal Remote Code Execution
Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Date: 2020-01-24 Vendor: Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7961 https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-7961 CVE:...
Liferay Portal Remote Code Execution Exploit
Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface. Exploit Title: Data in Liferay Portal prior to 7.2.1 CE GA2 - Remote code execution Author: nu11secur1ty Vendor: Link:...
Insecure Password Update
com.liferay.login.web is vulnerable to an insecure password update. During a user password update, the password can be changed via JSONWS without supplying the current password, leading to other attacks such as XSS, session hijacking, an unattended workstation or other vectors...
Liferay Portal Java Unmarshalling Remote Code Execution Exploit
This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1. This module requires Metasploit: https://metasploit.com/download Current...
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Lifer...
Liferay Portal Java Unmarshalling Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Lifer...
Liferay Portal Java Unmarshalling via JSONWS RCE
This module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions 'Markus Wulftange', Discovery 'Thomas...
CVE-2020-7961
The CVE-2020-7961 issue affects Liferay Portal’s JSONWS deserialization of untrusted data, enabling unauthenticated remote code execution. Vulnerable software is Liferay Portal prior to 7.2.1 CE GA2, where the root cause is unsafe deserialization in JSONWebServiceActionParameters processed via JS...
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Recent assessments: wvu-r7 at April 08, 2020 6:31pm UTC reported: A Metasploit module has been written:...