72 matches found
CVE-2020-12835
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...
CVE-2020-12835
Affected software: SmartBear ReadyAPI SoapUI Pro 3.2.5 (and related jProductivity Protection! licensing components). Issue: unsafe deserialization via a Java RMI-based protocol in an unsafe configuration that allows an attacker to inject malicious serialized objects, leading to remote code execut...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...
Design/Logic Flaw
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...
CVE-2019-12180
CVE-2019-12180 affects SmartBear ReadyAPI (up to 2.8.2 and 3.0.0) and SoapUI (up to 5.5). The Groovy Load Script (triggered on project open) and Save Script (on save) may execute arbitrary Groovy code on the victim’s machine via a malicious project, enabling code execution. The Red Hat/Redirectio...
Exploit for CVE-2019-12180
CVE-2019-12180 Advisory & PoC SoapUI and ReadyAPI allow you t...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
Code injection
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The CVE-2017-16670 entry concerns SoapUI 5.3.0, where the project import functionality allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. The vulnerability affects the WSDL/project import path and can lead to code execution with high imp...
SoapUI 5.3.0 Code Execution Exploit
Exploit for java platform in category remote exploits Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced...
SoapUI 5.3.0 Code Execution
Document Title: =============== SoapUI Arbitrary Code Execution via Malicious Project Product Description: =============== SoapUI is the world's most widely-used testing tool for SOAP and REST APIs. Write, run, integrate, and automate advanced API Tests with ease. Homepage: https://www.soapui.org...
SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization Vulnerability
Exploit for java platform in category remote exploits Title: SmartBear SoapUI - Remote Code Execution via Deserialization Author: Jakub Palaczynski Date: 12. July 2017 Exploit tested on: ================== SoapUI 5.3.0 Also works on older versions. Vulnerability: Remote Code Execution via...
SmartBear SoapUI 5.3.0 Remote Code Execution Via Deserialization
Title: SmartBear SoapUI - Remote Code Execution via Deserialization Author: Jakub Palaczynski Date: 12. July 2017 Exploit tested on: ================== SoapUI 5.3.0 Also works on older versions. Vulnerability: Remote Code Execution via Deserialization: ================================= SoapUI by...
WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...