WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003
Oracle WebLogic Server suffers from a local file inclusion vulnerability. Versions affected include 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.
201c7442b864057fc71cc40d8602d6406f7fb6b3d115cde62d9c902068b08cfa
Oracle WebLogic Server 12.2.1.0 unauthenticated remote code execution exploit.
687e6a9d4fa1a46d990ef0f9fd8058a57c920d074f7a469545c279d6cb6f40ab
Oracle WebLogic Server version 14.1.1.0 authenticated remote code execution exploit.
5de2e01ef80f612e9e69dbbead3b803428556dfb968be312ac48a6f5baf5b1e3
Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.
269998241a3473e130c36a33e8a41a91634ae92b38578c7c0fcfcf81171abc62
This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.
520b0c827c8b01d8c2ca1ab697de7f2fc8a7e99f91c7209728f8431d3a566cea
Oracle WebLogic Server version 12.2.1.4.0 suffers from a remote code execution vulnerability.
9c56d605f71c80b479342376983e587c7ead9e49558f09b1b0984cf4969069df
This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default, Oracle ships with an "oats" account that you could log in with, which grants you administrator access.
d2ce49b369029d9ba6fa03bf3c938f41ab106d33a06609e2f00de1eb12b975c8
ASPRunner.NET version 10.1 denial of service proof of concept exploit.
3e6b67c27797bf679daa83913a8af2ebc7402f9e2474b369958000886932c4e3
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.
7b103f91354f91a5368f07e6173b43d3e6d6c1255ccab672a82be3ddeaa8b9f2
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.
7689bd250f236540a89962c75e10662698d550e3295c7ffa517147b01022d81f
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.
34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2
This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessageImpl) to the interface to execute code on vulnerable hosts.
e9fa1048c7115283a85c77ab6fc28657f1c314f5367d3be58cd22dda512105d6
Oracle WebLogic Server deserialization remote command execution exploit with patch bypass.
837c2f0617dd4b3f41f05a46a57a7e73ab7bc936ea31caa66a3b2934f79ee87c
ASPRunner Professional version 6.0.766 suffers from a denial of service vulnerability.
7bb520da2a37c0bdb24d2fc232b0e45e99f89e9f1db7dc094ed0a029b2c8f5e9
An unauthenticated attacker with network access to the Oracle WebLogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.
3b706831a95e7ec9767cb60c343331abe8d92f1382ece3a3f50c5943e25d0275
This exploit tests the target Oracle WebLogic Server for a Java deserialization remote code execution vulnerability. The ysoserial payload causes the target to send ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using tcpdump to know if the exploit was successful. Feel free to modify the payload (chunk2) with that of your choice. Do not worry about modifying the payload length each time you change the payload, as this script will do it for you on the fly. Versions affected include 10.3.6.0, 12.1.2.0, 12.1.3.0 and 12.2.1.0.
ac556f1550022f3147ba71eb384d81217f8f01394258077e4047ca66a5f06464
Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break the Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud Service in the same regional data center.
652728a4db193f91cfd789d35f2cbce67c8d3fb9f86841ab4870dda696838141
Secunia Security Advisory - A vulnerability has been reported in Oracle WebLogic Server and Oracle Event Processing, which can be exploited by malicious people to bypass certain security restrictions.
3a12e55761bfab5077620d2ebe0c7b23d5b241996c523ed57d046c3a0d09c866
Secunia Security Advisory - Two vulnerabilities have been reported in Oracle WebLogic Server, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
c4a12073ea5eb9090de20337ac16e4551a4c46429ba036252bc8901a113c5436
Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle WebLogic Server, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to disclose potentially sensitive information.
b768712c52a4bc8f7c9807dc6fe19147549d382ac94b85a911bad8ecb200b0f1
Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.
77477751376cbf1dd5937b193eca2afb67787fcb5a3e0c217ea0c52936c41806
ACROS Security Problem Report #2011-08-18-2 - A binary planting vulnerability in Mozilla Thunderbird allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
50de284a562edf3e280b13793e1465d67dae9d1e5e58327d7f298a855f29a9c1
ACROS Security Problem Report #2011-08-18-1 - A binary planting vulnerability in Mozilla Firefox allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
81c08ec71122a547d4d5f3b499ccf4eb2eb2b4311cc7c73af9122046fa6db400
Secunia Security Advisory - Oracle has acknowledged a vulnerability in WebLogic Server, which can be exploited by malicious people to manipulate certain data.
5e8a89620360665d510c81b8aab1ead65399e9ae02f2fc831da4718a0098571f
Oracle WebLogic Server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffer from a session fixation vulnerability.
326aa57bf65123e286554a7d1b6fea93e196390c46e10fb0b13ffcb6e4a7a1ef