31 matches found
Exploit for Cross-Site Request Forgery (CSRF) in Concretecms Concrete_Cms
CVE-2017-5638 Apache Struts 2 RCE Proof of Concept This repos...
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 CVSS score: 10.0, the vulnerability impacts out-of-date versions of the...
K20127031: Apache Struts vulnerability CVE-2012-0391
Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...
SUSE CVE-2012-0391
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...
Apache Struts Improper Input Validation Vulnerability
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language OGNL expressions...
VulnCheck KEV: CVE-2013-2251
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language OGNL expressions...
Apache Struts 2.0.x < 2.0.9 RCE (S2-001)
The version of Apache Struts running on the remote host is 2.0.x prior to 2.0.9. It, therefore, is affected by a possible remote code execution vulnerability when OGNL expressions are evaluated in a form field. Note that Nessus has not tested for these issues but has instead relied only on the...
Apache Struts 2.x < 2.2.3.1 RCE (S2-007)
The version of Apache Struts running on the remote host is 2.x prior to 2.2.3.1. It, therefore, is affected by a possible remote code execution vulnerability when user-supplied input is evaluated as an OGNL expressions when there is a conversion error. Note that Nessus has not tested for these...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
S2-057 vulnerability in the original author's README: how to use automated tools find 5 RCE-vulnerability warning-the black bar safety net
! 2018 4 months, I to Apache Struts and the Struts security team reported a new remote code execution vulnerability--CVE-2018-11776(S2-057 in to do some configuration on a server running Struts, and can be accessed via the carefully constructed URL to trigger the vulnerability. This discovery is ...
Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.
Summary IBM Sterling Order Management and IBM Sterling Configure Price Quote use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details CVEID: CVE-2013-4310 Description: Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to...
Apache Struts 'TextParseUtil.translateVariables' RCE Vulnerability (S2-027) - Linux
Apache Struts is prone to a remote code execution RCE vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
PT-2017-2794
Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.0.0 through 2.3.33 Apache Struts versions 2.5 through 2.5.10.1 Description The issue exists due to incorrect handling of Object Graph Navigation Language OGNL expressions. Exploitation may allow a remote attacker to...
Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)
The version of Apache Struts running on the remote Windows host is 2.x prior to 2.3.29. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists due to erroneously performing double OGNL evaluation of attribute values assigned to certain tags. A...
Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)
A code execution vulnerability exists in Apache Struts. The vulnerability is due the way the OGNL expressions are processed when DMI is enabled and the REST plugin is used. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitatio...
Apache Struts2 Denial of Service Vulnerability
Apache Struts is an open source framework for creating enterprise Java Web applications. Struts2 has a denial-of-service vulnerability vulnerability that can be exploited by an attacker to cause a denial-of-service attack by using OGNL expressions in the Apache Struts framework to implement calls...
MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the multiple vulnerabilities in the bundled version of Apache Struts : - Input validation errors exist that allows the execution of arbitrary Object-Graph Navigation Language OGNL...
Apache Struts ParametersInterceptor Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Apache Struts - Developer Mode OGNL Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...
Apache Struts 2 Developer Mode OGNL Execution
This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This...