Lucene search
K

72 matches found

Cvelist
Cvelist
added 2020/05/20 1:1 p.m.46 views

CVE-2020-12835

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...

9.8AI score0.117EPSS
Exploits3References4
CVE
CVE
added 2020/05/20 1:1 p.m.87 views

CVE-2020-12835

Affected software: SmartBear ReadyAPI SoapUI Pro 3.2.5 (and related jProductivity Protection! licensing components). Issue: unsafe deserialization via a Java RMI-based protocol in an unsafe configuration that allows an attacker to inject malicious serialized objects, leading to remote code execut...

9.8CVSS9.7AI score0.117EPSS
Exploits3References4Affected Software1
NVD
NVD
added 2020/02/05 5:15 p.m.28 views

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

9.3CVSS7.5AI score0.04592EPSS
Exploits2References1
OSV
OSV
added 2020/02/05 5:15 p.m.4 views

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

7.8CVSS7.4AI score0.04592EPSS
Exploits2References1
Prion
Prion
added 2020/02/05 5:15 p.m.20 views

Design/Logic Flaw

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

9.3CVSS7.5AI score0.04592EPSS
Exploits2References1Affected Software2
Cvelist
Cvelist
added 2020/02/05 4:6 p.m.30 views

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

7.5AI score0.04592EPSS
Exploits2References1
CVE
CVE
added 2020/02/05 4:6 p.m.62 views

CVE-2019-12180

CVE-2019-12180 affects SmartBear ReadyAPI (up to 2.8.2 and 3.0.0) and SoapUI (up to 5.5). The Groovy Load Script (triggered on project open) and Save Script (on save) may execute arbitrary Groovy code on the victim’s machine via a malicious project, enabling code execution. The Red Hat/Redirectio...

9.3CVSS7.4AI score0.04592EPSS
Exploits2References1Affected Software2
GithubExploit
GithubExploit
added 2020/01/20 5:33 p.m.146 views

Exploit for CVE-2019-12180

CVE-2019-12180 Advisory & PoC SoapUI and ReadyAPI allow you t...

9.3CVSS8AI score0.04592EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2018/02/20 12:48 a.m.23 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

8.8CVSS7.5AI score0.01656EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2018/02/19 7:29 p.m.4 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8CVSS6.1AI score0.01656EPSS
Exploits2References2
NVD
NVD
added 2018/02/19 7:29 p.m.21 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8CVSS7.8AI score0.01656EPSS
Exploits2References1
Prion
Prion
added 2018/02/19 7:29 p.m.15 views

Code injection

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

6.8CVSS7.8AI score0.01656EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2018/02/19 7:29 p.m.4 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8CVSS6.1AI score0.01656EPSS
Exploits2References1
Cvelist
Cvelist
added 2018/02/19 7:0 p.m.31 views

CVE-2017-16670

The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...

7.8AI score0.01656EPSS
Exploits2References1
CVE
CVE
added 2018/02/19 7:0 p.m.49 views

CVE-2017-16670

The CVE-2017-16670 entry concerns SoapUI 5.3.0, where the project import functionality allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. The vulnerability affects the WSDL/project import path and can lead to code execution with high imp...

7.8CVSS7.8AI score0.01656EPSS
Exploits2References1Affected Software1
0day.today
0day.today
added 2018/02/12 12:0 a.m.65 views

SoapUI 5.3.0 Code Execution Exploit

Exploit for java platform in category remote exploits Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced...

7.6AI score0.01656EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/02/11 12:0 a.m.41 views

SoapUI 5.3.0 Code Execution

Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced API Tests with ease. Homepage: https://www.soapui.org...

7.6AI score0.01656EPSS
Exploits2
0day.today
0day.today
added 2017/10/07 12:0 a.m.36 views

SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization Vulnerability

Exploit for java platform in category remote exploits Title: SmartBear SoapUI - Remote Code Execution via Deserialization Author: Jakub Palaczynski Date: 12. July 2017 Exploit tested on: ================== SoapUI 5.3.0 Also works on older versions. Vulnerability: Remote Code Execution via...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2017/10/05 12:0 a.m.55 views

SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization

Title: SmartBear SoapUI - Remote Code Execution via Deserialization Author: Jakub Palaczynski Date: 12. July 2017 Exploit tested on: ================== SoapUI 5.3.0 Also works on older versions. Vulnerability: Remote Code Execution via Deserialization: ================================= SoapUI by...

1.3AI score
Exploits0
Kitploit
Kitploit
added 2017/08/06 11:35 p.m.23 views

WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

7.1AI score
Exploits0References1
Rows per page
Query Builder