EUVD-2011-5043
Malware in sbrugna...
SECOM WRTM326 operating system command injection vulnerability
The SECOM WRTM326 is a wireless router from the Chinese company Zhongbao SECOM. An operating system command injection vulnerability exists in SECOM WRTM326 versions prior to 2.3.20. The vulnerability stems from a failure to properly validate specific parameters, which could allow a remote attacker to execute...
AZL-69869 CVE-2024-25584 affecting package dovecot 2.3.20-1
Dovecot accepts LF . LF (a bare line feed, a dot, and a bare line feed) as the end of the DATA command, whereas the RFC requires the terminator to always be CR LF . CR LF. As a result, a single mail containing LF . LF in the middle of its body is treated as two mails: Dovecot ends the first message at that point and relays what follows as a second message over SMTP. Upgrade to latest...
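The splitting behaviour this entry describes, as an added example that is not Dovecot's own code: a small Python model of an SMTP receiver that consumes the bytes following the DATA command, once with the strict RFC 5321 terminator and once with a lenient terminator that also accepts bare LF around the dot. It also shows what a correct sender or relay does (CRLF normalisation and dot-stuffing) so that a body line consisting of a single "." can never be taken for end-of-data. The DATA stream, the addresses and the header text are constructed for the example.

```python
import re

# Strict RFC 5321 end-of-data: CRLF "." CRLF (or "." CRLF as the very first
# line, for an empty body).
STRICT_EOD = re.compile(rb"(?:^|\r\n)\.\r\n")

# Lenient variant modelling the behaviour described in the advisory: a bare
# LF before or after the dot is also accepted as the terminator.
LENIENT_EOD = re.compile(rb"(?:^|\r?\n)\.\r?\n")


def undot_stuff(body: bytes) -> bytes:
    """Reverse RFC 5321 dot-stuffing: a line that arrived as '..' was '.'."""
    return re.sub(rb"(^|\r\n)\.\.", rb"\1.", body)


def split_data(stream: bytes, terminator: re.Pattern) -> tuple[list[bytes], bytes]:
    """Model a receiver consuming the bytes sent after DATA.

    Returns (messages, remainder): one body per terminator match, plus the
    bytes after the last match, which a real server would go on to parse as
    further SMTP commands (MAIL FROM, RCPT TO, DATA ...)."""
    messages = []
    pos = 0
    while True:
        m = terminator.search(stream, pos)
        if m is None:
            break
        messages.append(undot_stuff(stream[pos:m.start()]))
        pos = m.end()
    return messages, stream[pos:]


def encode_for_data(message: bytes) -> bytes:
    """What a correct sender or relay does before transmitting a body:
    normalise every line ending to CRLF, dot-stuff lines that begin with '.',
    and append the strict terminator."""
    text = message.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = text.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    return b"\r\n".join(stuffed) + b"\r\n.\r\n"


# Constructed sample (not a captured session): one message whose body carries
# a bare LF "." LF sequence followed by text shaped like SMTP commands.
SAMPLE_DATA = (
    b"From: alice@example.test\r\n"
    b"Subject: quarterly report\r\n"
    b"\r\n"
    b"Please find the numbers attached.\r\n"
    b"\n.\n"                                        # bare LF . LF inside the body
    b"MAIL FROM:<attacker@example.test>\r\n"         # would be run as commands
    b"RCPT TO:<victim@example.test>\r\n"             # by a lenient receiver
    b"DATA\r\n"
    b"Subject: smuggled\r\n"
    b"\r\n"
    b"this arrives as a second mail\r\n"
    b".\r\n"                                         # the only real terminator
)


def compare(stream: bytes = SAMPLE_DATA) -> dict:
    """Return how many messages each receiver model sees for the stream."""
    strict_msgs, strict_rest = split_data(stream, STRICT_EOD)
    lenient_msgs, lenient_rest = split_data(stream, LENIENT_EOD)
    return {
        "strict": len(strict_msgs),
        "lenient": len(lenient_msgs),
        "strict_rest": strict_rest,
        "lenient_rest": lenient_rest,
    }


if __name__ == "__main__":
    result = compare()
    print("strict receiver:  %d message(s)" % result["strict"])
    print("lenient receiver: %d message(s)" % result["lenient"])
    lenient_msgs, _ = split_data(SAMPLE_DATA, LENIENT_EOD)
    print("second segment starts with:", lenient_msgs[1][:32])
    # A conforming sender turns a lone "." body line into "..", which the
    # lenient receiver still treats as body, not as end-of-data.
    print(split_data(encode_for_data(b"a\n.\nb"), LENIENT_EOD))
```

The strict model yields one message whose body happens to contain the MAIL FROM/RCPT TO/DATA text; the lenient model ends the first message at the bare LF . LF and hands everything after it to the command parser, which is exactly how one submitted mail becomes two relayed ones.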
SUSE CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists...
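The ClassLoader-manipulation class of bug above comes down to which parameter or cookie names a framework is willing to evaluate as OGNL property paths. As an added example that is not Struts code, the Python below contrasts an illustrative case-sensitive, dot-only denylist regex (an assumption for the demonstration, not any pattern Struts actually shipped) with a structural check that tokenizes the name into path segments and refuses anything that is not a plain identifier or index, or that names "class" in any spelling or bracket form. All sample names are constructed.

```python
import re

# Illustrative naive denylist: case-sensitive and only aware of dotted paths.
# This is an assumption for the example, NOT the excludeParams pattern of any
# Struts release; it stands in for the general weakness of a regex denylist
# applied to attacker-controlled OGNL names.
NAIVE_DENY = re.compile(r"(^|\.)class(\.|$)")


def naive_allows(name: str) -> bool:
    return NAIVE_DENY.search(name) is None


# Structural alternative: one token per path segment.
SEGMENT = re.compile(
    r"""
    (?:^|\.)(?P<ident>[A-Za-z_][A-Za-z0-9_]*)        # .ident  (or leading ident)
  | \[\s*(?P<index>\d+)\s*\]                         # [0]
  | \[\s*(?P<q>['"])(?P<key>[^'"\]]*)(?P=q)\s*\]     # ['key'] or ["key"]
    """,
    re.VERBOSE,
)
VALID_SEGMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*|\d+")
DENIED_SEGMENTS = frozenset({"class"})  # compared case-insensitively


def parse_path(name: str):
    """Tokenize an OGNL-style name into segments; None if any part is not a
    plain identifier, numeric index, or quoted key (e.g. '#session', 'a..b')."""
    segments = []
    pos = 0
    while pos < len(name):
        m = SEGMENT.match(name, pos)
        if m is None:
            return None
        seg = m.group("ident")
        if seg is None:
            seg = m.group("index")
        if seg is None:
            seg = m.group("key")
        segments.append(seg)
        pos = m.end()
    return segments


def structural_allows(name: str) -> bool:
    """Allow only fully tokenizable names whose every segment is an identifier
    or index and none of which is 'class' in any case or bracket spelling."""
    segments = parse_path(name)
    if not segments:
        return False
    for seg in segments:
        if VALID_SEGMENT.fullmatch(seg) is None:
            return False
        if seg.lower() in DENIED_SEGMENTS:
            return False
    return True


# Constructed sample names: legitimate bindings and ClassLoader-style probes.
SAMPLE_NAMES = [
    "user.name",
    "user[0].emails[1]",
    "user['name']",
    "class.classLoader.resources.dirContext.docBase",
    "Class.classLoader.resources.dirContext.docBase",
    "user['class'].classLoader.resources",
    'user["CLASS"].classLoader',
    "#session.user",
    "user.name.",
]


def evaluate(names=SAMPLE_NAMES) -> dict:
    """Map each name to (naive_allows, structural_allows)."""
    return {n: (naive_allows(n), structural_allows(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, structural) in evaluate().items():
        print(f"{name:50s} naive={naive!s:5s} structural={structural}")
```

The two names that the naive regex lets through ("Class." and "['class']") are exactly the kind of alternate spellings a denylist has to enumerate one by one; the structural check does not care how the segment was written.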
GHSA-WM8W-QP2F-728Q Apache Struts Open Redirect
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request...
GHSA-XG75-68X3-7P3Q Apache Struts vulnerable to possible DoS attack when using URLValidator
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.13 allows remote attackers to cause a denial of service via a null value for a URL field...
PT-2022-9446 · WordPress · Svg Support
Name of the Vulnerable Software and Affected Versions: SVG Support WordPress plugin versions prior to 2.3.20. Description: The issue allows high-privilege users to perform Cross-Site Scripting attacks due to the lack of escaping of the "CSS Class to target" setting before it is output in an...
fintalk-pkg (>=2.3.20 <=2.3.22) potentially affected by CVE-2021-21304 via dynamoose (=2.3.0)
dynamoose NPM version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on dynamoose and may be impacted: - fintalk-pkg =2.3.20, =2.3.22 Source cves: CVE-2021-21304 Source advisory: OSV:GHSA-RRQM-P222-8PH2...
Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux
ClassLoader manipulation in Apache Struts allows remote attackers to execute arbitrary Java code. This VT has been deprecated and merged into another VT. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective...
Apache Sling Servlets Post Cross-Site Scripting Vulnerability (CNVD-2017-37560)
Adobe Experience Manager (AEM) is a content management solution from the US company Adobe that can be used to build web sites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management, multi-site management, etc...
Apache Struts 'Problem Report' XSS Vulnerability (S2-025)
Apache Struts is prone to a cross-site scripting (XSS) vulnerability. This VT has been deprecated and merged into another VT. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders...
CVE-2015-5169
Apache Struts is affected by an XSS vulnerability (CVE-2015-5169) present in Struts versions prior to 2.3.20. When debug mode is enabled, specially crafted inputs can trigger arbitrary script execution in a victim’s browser in the context of the web application. Public advisories and vendor notes...
Apache Sling Servlets Post 2.3.20 Cross Site Scripting Vulnerability
Exploit for multiple platforms in the category remote exploits. CVE-2017-9802: Apache Sling XSS vulnerability. Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache Sling Servlets Post 2.3.20. Description: The JavaScript method Sling.evalString uses the JavaScript eval...
Apache Struts Convention Plugin Path Traversal Vulnerability
Struts 2 is an extensible framework for building enterprise-class Java web applications. Struts 2.3.20 through 2.3.31 has a path traversal vulnerability in the Convention plugin, which an attacker can exploit to conduct path traversal and code execution attacks on the server side via a construct...
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method...
JVN#07710476: Apache Struts 2 vulnerable to remote code execution
Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. Web applications that are developed using Apache Struts 2 REST Plugin contain a remote code execution vulnerability. Note that the exploit code for this vulnerability is publicly...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04093)
Apache Struts is an open source project maintained by the US Apache Software Foundation. It is an open source MVC framework for creating enterprise-class Java web applications, mainly provided as two framework products, Struts 1 and Struts 2...
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'msf/core' ... class MetasploitModule ... 'Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution', 'Description' => %q{ This module exploits a remo...
CVE-2015-1831
The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...