38 matches found
CVE-2019-11444
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a command.execute call, as demonstrated by "def cmd =" in the ServerAdminPortletscript value to group/controlpanel/manage. Valid...
PT-2019-12309 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal CE version 7.1.2 GA3 Description: An issue in Liferay Portal CE allows an attacker to execute OS commands using the Groovy script console. This can be achieved via a command.execute call. The attacker needs valid credentials fo...
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution Exploit #RCE
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal...
jenkins: cookie crafted using Jenkins script console allows unauthorised access to Jenkins instance
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...
Snapchat: RCE/LFI on test Jenkins instance due to improper authentication flow
@nahamsec found a test Jenkins instance where they could login with any valid Google account. Once logged in, they gained the ability to execute arbitrary code via the Jenkins Script Console. This was a test jenkins instance with no access to source code or resources. Methodology Here is the...
Jenkins-CI Unauthenticated Script-Console Scanner
This module scans for unauthenticated Jenkins-CI script consoles and executes the specified command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'Jenkins-CI Unauthenticated...
Jenkins-CI Script-Console Java Execution
This module uses the Jenkins-CI Groovy script console to execute OS commands using Java. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins-CI Script-Console Java Execution', 'Description'...
Jenkins 1.578 - Multiple Vulnerabilities
No description provided by source. Affected Vendor: http://jenkins-ci.org/ Date: 03/09/2014 Discovered by: JoeV Type of vulnerability: CSRF and Command Execution Tested on: Windows 7 Version : 1.578 Description: Jenkins is susceptible to CSRF attack and command execution. Using groovy one can fir...
VMware Hyperic HQ Groovy Script-Console Java Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Jenkins Script-Console Java Execution
No description provided by source...
CVE-2013-6366
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime.exec call...
VMware Hyperic HQ Groovy Script-Console - Java Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...
Jenkins - Script-Console Java Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...
Jenkins Script-Console Java Execution Vulnerability
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Jenkins CI Script Console Command Execution MSF Module Vulnerability
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Jenkins Script-Console Java Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...
Jenkins CI Script Console - Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...
Jenkins CI Script Console - Command Execution (Metasploit)
Jenkins CI Script Console - Command Execution Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...