47 matches found
Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution
This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the...
Exploit for Deserialization of Untrusted Data in Vmware Spring_Framework
Vulnerability Report - Java Store Application Summary...
EUVD-2022-3272
Malicious code in bioql PyPI...
GHSA-92J2-5R7P-6HJW Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...
Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability v...
Exploit for OS Command Injection in Oracle Weblogic_Server
What is this? This is a PoC of CVE-2017-3506 Weblogic XMLD...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
PoC exploit for CVE-2017-10271, an unauthenticated Weblogic RCE. The target product/service is Weblogic, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the CoordinatorPortType SOAP endpoint. Notable dependencies/tooling include the requests library an...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
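WebLogic Wls-wsat XMLDecoder Vulnerability description mitre: https://vulners.com/cve/CVE-2017-3506 Early on, attackers used the WebLogic WLS component vulnerability to launch large-scale remote attacks against enterprise servers; a large number of enterprise servers were compromised, and the number of attacked enterprises showed a clear upward trend, which calls for serious attention. Among these, CVE-2017-3506 is a remote code execution vulnerability in the WLS component of Oracle WebLogic; it is a vulnerability exploited in the wild without publicly disclosed details, and many enterprises have not yet installed the patch in time. The vendor released a patch for this vulnerability as early as April 2017. CVE-2017-3506 patch notes: public...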
Arbitrary Code Execution
restlet is vulnerable to arbitrary code execution. A remote attacker is able to execute arbitrary Java code using a malicious XML document due to the default configuration of the ObjectRepresentation class which performs deserialization of objects from untrusted sources using the Java XMLDecoder...
New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by a...
WebLogic Server again exposed to a high-risk 0-day vulnerability - vulnerability warning - the black bar safety net
6 May 11, the Ali Cloud security team found a 0day vulnerability that bypasses the WebLogic CVE-2019-2725 patch and reported it to Oracle at the first opportunity; 6 January 12, it received official confirmation from Oracle. Since Oracle has not yet released an official patch, vulnerability details and real PoC are not...
IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6 and IBM JRE 7
Abstract Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR15 and earlier and IBM JRE 7.0 SR5 and earlier Content VULNERABILITY DETAILS There are multiple security vulnerabilities in the IBM Java Runtime Environment used ...
Oracle WebLogic Multiple Java Object Deserialization RCE
Binary data 700244.prm...
XMLDecoder deserialization vulnerability - vulnerability warning - the black bar safety net
When Java uses XMLDecoder to parse an XML file, an exploitable vulnerability is present. The sample XML file is shown below: xml version="1.0" encoding="UTF-8"?> java version="1.8.0131" class="java.beans.XMLDecoder" object class="java.lang.ProcessBuilder" array class="java...
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder Vendor: Wieland Electric GmbH Product web page: http://www.wieland-electric.com Affected version: 4.1 Build 9 Summary: Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a...
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
Exploit for multiple platform in category local exploits Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder Vendor: Wieland Electric GmbH Product web page: http://www.wieland-electric.com Affected version: 4.1 Build 9 Summary: Your new software for the configuration of...
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder Vendor: Wieland Electric GmbH Product web page: http://www.wieland-electric.com Affected version: 4.1 Build 9 Summary: Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complet...
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder Vendor: Wieland Electric GmbH Product web page: http://www.wieland-electric.com Affected version: 4.1 Build 9 Summary: Your new software for the...
Wieland wieplan 4.1 Document Parsing Java Code Execution Using XMLDecoder
Summary Your new software for the configuration of Wieland terminal rails. wieplan enables you to plan a complete terminal rail in a very simple way and to then place an order with Wieland. The configured terminal rail can be stored in DXF format and read into a CAD tool for further processing. D...