Atlassian Confluence Administrator Code Macro Remote Code Execution Exploit

This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This...

Atlassian Confluence Administrator Code Macro Remote Code Execution

This module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will...

Atlassian Confluence Administrator Code Macro Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Administrator Code Macro Remote Code Execution', 'Description' = %q This module exploits an authenticated administrator-leve...

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

Oracle Java Applet Rhino Script Engine Policy Bypass (CVE-2011-3544)

A policy bypass vulnerability has been reported in Oracle Java SE. The vulnerability is due to an error in the way the Java Applet handles Rhino JavaScript errors. A remote attacker may exploit this issue by enticing a target user to open a specially crafted web-page or File. Successful...

VulnCheck KEV: CVE-2011-3544

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code...

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

Java Applet Rhino Script Engine Remote Code Execution

This module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java for example: IE, Firefox,...

Java Applet Rhino Script Engine Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex' class Metasploit3 'Jav...

New Java Vulnerability Coming Bundled With Exploit Kits

A recently discovered Java vulnerability that’s been circulating throughout the hacking underground has begun to show up alongside the BlackHole exploit kit, according to a post on Brian Krebs’ KrebsonSecurity blog. The National Vulnerability Database claims the vulnerability is found in the Java...

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability

Description Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6...