CVE-2018-25159

Epross AVCON6 systems management platform contains an object-graph navigation language OGNL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands by injecting malicious OGNL expressions. Attackers can send crafted requests to the login.action endpoint with OG...

EUVD-2016-5450

Malware in sbrugna...

Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language OGNL statements and...

The vulnerability of the Apache Struts software platform arises from incorrect processing of Object Graph Navigation Language expressions, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Struts software framework exists due to incorrect processing of expressions written in the Object Graph Navigation Language OGNL. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the Freemaker package from the Apache Struts software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Freemaker package from the Apache Struts software platform exists due to incorrect processing of expressions written in the Object Graph Navigation Language OGNL. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...

CVE-2008-6504

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language OGNL statements and...

Design/Logic Flaw

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language OGNL statements and...

CVE-2008-6504

CVE-2008-6504 affects OpenSymphony XWork (ParameterInterceptor) used in Apache Struts: OGNL refs to # context objects are not properly restricted, enabling remote OGNL evaluation and modification of server-side objects. Affected: XWork 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.2; vulnerability ...