Showing 1 - 25 of 85

Files

ACROS Security Problem Report 2005-05-24.2
Posted Aug 14, 2005
Authored by Mitja Kolsek, ACROS Security | Site acrossecurity.com

WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.

tags | advisory
SHA-256 | 4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003

Related Files

Oracle WebLogic Server 14.1.1.0.0 Local File Inclusion
Posted Jan 27, 2022
Authored by Jonah Tan

Oracle WebLogic Server suffers from a local file inclusion vulnerability. Versions affected include 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0.

tags | exploit, local, file inclusion
advisories | CVE-2022-21371
SHA-256 | 201c7442b864057fc71cc40d8602d6406f7fb6b3d115cde62d9c902068b08cfa
Oracle WebLogic Server 12.2.1.0 Remote Code Execution
Posted Jan 26, 2021
Authored by CHackA0101

Oracle WebLogic Server 12.2.1.0 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-14882
SHA-256 | 687e6a9d4fa1a46d990ef0f9fd8058a57c920d074f7a469545c279d6cb6f40ab
Oracle WebLogic Server 14.1.1.0 Remote Code Execution
Posted Jan 22, 2021
Authored by Photubias

Oracle WebLogic Server version 14.1.1.0 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2021-2109
SHA-256 | 5de2e01ef80f612e9e69dbbead3b803428556dfb968be312ac48a6f5baf5b1e3
Oracle WebLogic Server Remote Code Execution
Posted Oct 29, 2020
Authored by Nguyen Jang

Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-14882
SHA-256 | 269998241a3473e130c36a33e8a41a91634ae92b38578c7c0fcfcf81171abc62
WebLogic Server Deserialization Remote Code Execution
Posted May 21, 2020
Authored by Shelby Pace, Y4er, Jang | Site metasploit.com

This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable WebLogic servers.

tags | exploit, java, remote, code execution, protocol
advisories | CVE-2020-2555
SHA-256 | 520b0c827c8b01d8c2ca1ab697de7f2fc8a7e99f91c7209728f8431d3a566cea
Oracle WebLogic Server 12.2.1.4.0 Remote Code Execution
Posted Apr 14, 2020
Authored by nu11secur1ty, Ventsislav Varbanovski

Oracle WebLogic Server version 12.2.1.4.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-2555
SHA-256 | 9c56d605f71c80b479342376983e587c7ead9e49558f09b1b0984cf4969069df
Oracle Application Testing Suite WebLogic Server Administration Console War Deployment
Posted May 24, 2019
Authored by mr_me, sinn3r | Site metasploit.com

This Metasploit module abuses a feature in WebLogic Server's Administration Console to install a malicious Java application in order to gain remote code execution. Authentication is required; however, by default, Oracle ships with an "oats" account that you could log in with, which grants you administrator access.

tags | exploit, java, remote, code execution
advisories | CVE-2007-2699
SHA-256 | d2ce49b369029d9ba6fa03bf3c938f41ab106d33a06609e2f00de1eb12b975c8
ASPRunner.NET 10.1 Denial Of Service
Posted May 10, 2019
Authored by Victor Mondragon

ASPRunner.NET version 10.1 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 3e6b67c27797bf679daa83913a8af2ebc7402f9e2474b369958000886932c4e3
Oracle Weblogic Server Deserialization Remote Code Execution
Posted May 7, 2019
Authored by Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.

tags | exploit
advisories | CVE-2019-2725
SHA-256 | 7b103f91354f91a5368f07e6173b43d3e6d6c1255ccab672a82be3ddeaa8b9f2
Oracle Weblogic Server Deserialization RMI UnicastRef Remote Code Execution
Posted Apr 2, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (sun.rmi.server.UnicastRef) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2017-3248
SHA-256 | 7689bd250f236540a89962c75e10662698d550e3295c7ffa517147b01022d81f
Oracle Weblogic Server Deserialization MarshalledObject Remote Code Execution
Posted Apr 1, 2019
Authored by Jacob Baines, Aaron Soto, Andres Rodriguez | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2016-3510
SHA-256 | 34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Mar 27, 2019
Authored by Steve Breen, Aaron Soto, Andres Rodriguez | Site metasploit.com

This Metasploit module demonstrates that an unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.jms.common.StreamMessageImpl) to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2015-4852
SHA-256 | e9fa1048c7115283a85c77ab6fc28657f1c314f5367d3be58cd22dda512105d6
Oracle Weblogic Server Deserialization Remote Command Execution
Posted Mar 7, 2019
Authored by Allyshka

Oracle Weblogic Server deserialization remote command execution exploit with patch bypass.

tags | exploit, remote
advisories | CVE-2018-2628, CVE-2018-3245
SHA-256 | 837c2f0617dd4b3f41f05a46a57a7e73ab7bc936ea31caa66a3b2934f79ee87c
ASPRunner Professional 6.0.766 Denial Of Service
Posted Feb 1, 2019
Authored by Rafael Pedrero

ASPRunner Professional version 6.0.766 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 7bb520da2a37c0bdb24d2fc232b0e45e99f89e9f1db7dc094ed0a029b2c8f5e9
Oracle Weblogic Server Deserialization Remote Code Execution
Posted Aug 10, 2018
Authored by Jacob Robles, brianwrf | Site metasploit.com

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.

tags | exploit
advisories | CVE-2018-2628
SHA-256 | 3b706831a95e7ec9767cb60c343331abe8d92f1382ece3a3f50c5943e25d0275
Oracle WebLogic Server Java Deserialization Remote Code Execution
Posted Sep 29, 2017
Authored by SlidingWindow, FoxGloveSecurity

This exploit tests the target Oracle WebLogic Server for a Java deserialization remote code execution vulnerability. The ysoserial payload causes the target to send ping requests to the attacking machine. You can monitor ICMP ECHO requests on your attacking machine using TCPDump to know if the exploit was successful. Feel free to modify the payload (chunk2) with that of your choice. Do not worry about modifying the payload length each time you change the payload, as this script will do it for you on the fly. Versions affected include 10.3.6.0, 12.1.2.0, 12.1.3.0 and 12.2.1.0.

tags | exploit, java, remote, code execution
advisories | CVE-2015-4852
SHA-256 | ac556f1550022f3147ba71eb384d81217f8f01394258077e4047ca66a5f06464
Java PaaS / Cloud Services Security Issues
Posted Feb 1, 2014
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations discovered multiple security vulnerabilities in the environment of Oracle Java Cloud Service. Among a total of 28 issues found, there are 16 weaknesses that make it possible to completely break the Java security sandbox of a target WebLogic server environment. An attacker can further leverage this to gain access to application deployments of other users of Oracle Java Cloud Service in the same regional data center.

tags | advisory, java, vulnerability
SHA-256 | 652728a4db193f91cfd789d35f2cbce67c8d3fb9f86841ab4870dda696838141
Secunia Security Advisory 50994
Posted Oct 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle WebLogic Server and Oracle Event Processing, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 3a12e55761bfab5077620d2ebe0c7b23d5b241996c523ed57d046c3a0d09c866
Secunia Security Advisory 47618
Posted Jan 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Oracle WebLogic Server, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability, xss
SHA-256 | c4a12073ea5eb9090de20337ac16e4551a4c46429ba036252bc8901a113c5436
Secunia Security Advisory 46520
Posted Oct 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle WebLogic Server, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to disclose potentially sensitive information.

tags | advisory, local, vulnerability
SHA-256 | b768712c52a4bc8f7c9807dc6fe19147549d382ac94b85a911bad8ecb200b0f1
Hacking WebLogic
Posted Oct 12, 2011
Authored by Sysmox | Site sysmox.com

Whitepaper called Hacking WebLogic. It gives a brief overview of how to hack a default WebLogic server using a web browser.

tags | paper, web
SHA-256 | 77477751376cbf1dd5937b193eca2afb67787fcb5a3e0c217ea0c52936c41806
ACROS Security Problem Report 2011-08-18-2
Posted Aug 19, 2011
Authored by ACROS Security, Jure Skofic | Site acrossecurity.com

ACROS Security Problem Report #2011-08-18-2 - A binary planting vulnerability in Mozilla Thunderbird allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2011-2980
SHA-256 | 50de284a562edf3e280b13793e1465d67dae9d1e5e58327d7f298a855f29a9c1
ACROS Security Problem Report 2011-08-18-1
Posted Aug 19, 2011
Authored by ACROS Security, Jure Skofic | Site acrossecurity.com

ACROS Security Problem Report #2011-08-18-1 - A binary planting vulnerability in Mozilla Firefox allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.

tags | advisory, remote, local
systems | windows
advisories | CVE-2011-2980
SHA-256 | 81c08ec71122a547d4d5f3b499ccf4eb2eb2b4311cc7c73af9122046fa6db400
Secunia Security Advisory 44292
Posted Apr 24, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in Weblogic Server, which can be exploited by malicious people to manipulate certain data.

tags | advisory
SHA-256 | 5e8a89620360665d510c81b8aab1ead65399e9ae02f2fc831da4718a0098571f
Oracle WebLogic Server 9 / 10 Session Fixation
Posted Mar 11, 2011
Authored by Roberto Suggi Liverani | Site security-assessment.com

Oracle WebLogic Server versions 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 suffer from a session fixation vulnerability.

tags | advisory
advisories | CVE-2010-4437
SHA-256 | 326aa57bf65123e286554a7d1b6fea93e196390c46e10fb0b13ffcb6e4a7a1ef