Apache Tomcat could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by unsafe deserialization when the server is configured to use the PersistenceManager with a FileStore. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Vulnerable Product |
---|
apache tomcat |
apache tomcat 9.0.0 |
apache tomcat 10.0.0 |
debian debian linux 8.0 |
debian debian linux 9.0 |
debian debian linux 10.0 |
opensuse leap 15.1 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
canonical ubuntu linux 16.04 |
oracle instantis enterprisetrack |
CVE-2020-9484 Mass Scanner, Scan a list of urls for Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE
CVE-2020-9484-Mass-Scan: CVE-2020-9484 Mass Scanner, Scan a list of urls against Apache Tomcat deserialization (CVE-2020-9484) which could lead to RCE, determine possible vulnerable hosts. The web application will return HTTP 500 error upon exploitation, because it encounters a malicious serialized object instead of one that contains session information as it expects. The Explo
Reproducing the Apache Tomcat session deserialization code execution vulnerability on Kali 2.0
CVE-2020-9484: Reproducing the Apache Tomcat session deserialization code execution vulnerability on Kali 2.0 (CVE-2020-9484). Environment: Kali 2.0, apache-tomcat-7061-CVE-2020-9484targz (the webapp is s2-053, with commons-collections4-40jar added under its lib). Start: /yourtomcatdir/bin/startupsh Generate payload: java -jar ysoserial-006-SNAPSHOT-alljar CommonsCollections2 "touch /tmp/9484" &
CVE-2020-9484 (Tomcat) For educational purposes only See Reference for the details Run $ cd CVE-2020-9484 $ docker build -t tomcat:groovy $ docker run -d -p 8080:8080 tomcat:groovy Exploit $ curl '127001:8080/indexjsp' -H 'Cookie: JSESSIONID=/////usr/local/tomcat/groovy' Check $ docker exec -it $CONTAINER /bin/sh $ ls /tmp/rce
Remote Code Execution Exploit in Apache Tomcat 9.0.27. Apache Tomcat 9.0.27 is vulnerable to Remote Code Execution with the CVE-ID CVE-2020-9484. Other versions may be affected as well. Tested on Kali 2020.4 and JDK 8. This bash script is a simple proof-of-concept. For educational purpose only. Description: The vulnerability allows a remote attacker to execute arbitrary code on t
CVE-2020-9484-exploit
README JAVA sigillabs/mobidex - Mobile trustless trading through Uniswap sigillabs/mobidex - Mobile trustless trading through Uniswap libplctag/libplctag - This C library provides a portable and simple API for accessing Allen-Bradley PLC data over Ethernet leicht/TuxPLC - Set of softwares allowing communication with industrial PLC HorizenOfficial/Sidechains-SDK - HorizenOffic
for Ubuntu 18.04, improve functions.
CVE-2020-9484 Reference: Authored by redtimmysec, masahiro331 packetstormsecuritycom/files/157924/CVE-2020-9484tgz [+] I just analyzed 1-day exploit then remodeled. Description: Compared to the before PoC, it has the following advantages: [+] Environment Script for Ubuntu 18.04 [+] You can edit command to use to Remote Code Execution [+] The cookie value has been s
CVE-2020-9484 (Tomcat) For educational purposes only See Reference for the details Run $ git clone githubcom/masahiro331/CVE-2020-9484git $ cd CVE-2020-9484 $ docker build -t tomcat:groovy $ docker run -d -p 8080:8080 tomcat:groovy Exploit $ curl '127001:8080/indexjsp' -H 'Cookie: JSESSIONID=/////usr/local/tomcat/groovy'
Aware IM Application Stack
Aware IM Server Stack: Servers, Components, Frameworks, Dependencies and other resources. Aware IM is a rapid low-code application development tool that lets you create powerful aesthetically appealing web applications quickly. Changelog. Software: Written in 100% Java programming language. Aware IM is based on the plethora of Java technologies such as J2EE application server,
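Collection of CVE, CMS and middleware vulnerability detection and exploitation, since 2019-9-15
Middleware-Vulnerability-detection: Continuously updated with useful exploits for the latest vulnerabilities, for use in authorized penetration testing only. 2020418: two partners joined to help maintain the project, @caizhuang @3ndz. Apache --2019 Apache-flink unauthorized access arbitrary --2019 CVE-2019-0193 Apache-Solr via Velocity template RCE --20203 CVE-2019-17564 Apache-Dubbo deserialization vulnerability --2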
Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.
Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list. Template Directory: ├── LICENSE ├── README.md ├── basic-dete
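Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Penetration_Testing_POC: Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small utilities), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile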
Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASL (1) ASPNET (1) ActionScript (1) Arduino (2) Assembly (7) AutoHotkey (2) Batchfile (16) BitBake (5) Boo (1) C (286) C# (212) C++ (225) CMake (2) CSS (66) Classic ASP (2) Clojure (1) CoffeeScript (1) ColdFusion (1) Dart (1) Dockerfile (37) Emacs Lisp (1) Erlang (1) F# (2) Go (531) HCL (4)
A collection of various good tools I come across
Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP ActionScript Arduino Assembly AutoHotkey Batchfile BitBake Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang F# Game Maker Language Go HCL HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Nim OCaml Objective-C Objecti
The cheat sheet about Java Deserialization vulnerabilities
Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please, use #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without
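For public collection use
Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Penetration_Testing_POC: Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small utilities), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile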
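POCs, EXPs, scripts, privilege escalation, small tools and more related to penetration testing; additions and improvements are welcome --- About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms
Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Penetration_Testing_POC: Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, privilege escalation helpers, PC, tools (collection of small utilities), articles/books/tutorials, notes. Please make good use of search [Ctrl+F]. IOT Device&Mobile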
Compiled dataset of Java deserialization CVEs
Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/31 risk CV
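A compilation of all security news published to the Alpha Lab WeChat official account in 2020
Welcome to follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugschromiumorg/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place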
PoC in GitHub 2020 CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745
PoC auto collect from GitHub.
PoC in GitHub 2020 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr
PoC in GitHub 2020 CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android