Lucene search
31 matches found

GithubExploit
added 2024/09/04 7:59 p.m. | 184 views

Exploit for Cross-Site Request Forgery (CSRF) in Concretecms Concrete_Cms

CVE-2017-5638 Apache Struts 2 RCE Proof of Concept This repos...

10 CVSS | 9.8 AI score | 0.99999 EPSS
Exploits 44
The Hacker News
added 2024/01/23 9:34 a.m. | 69 views

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public disclosure. Tracked as CVE-2023-22527 (CVSS score: 10.0), the vulnerability impacts out-of-date versions of the...

10 CVSS | 8.2 AI score | 0.99984 EPSS
Exploits 31
F5 Networks
added 2023/02/21 6:53 p.m. | 82 views

K20127031: Apache Struts vulnerability CVE-2012-0391

Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted...

9.8 CVSS | 8.8 AI score | 0.75071 EPSS
Exploits 11
SUSE CVE
added 2023/02/15 5:49 a.m. | 6 views

SUSE CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter...

9.8 CVSS | 9.6 AI score | 0.75071 EPSS
Exploits 11 | References 3
CISA KEV Catalog
added 2022/03/25 12:00 a.m. | 20 views

Apache Struts Improper Input Validation Vulnerability

Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions...

9.8 CVSS | 7.1 AI score | 0.99998 EPSS
In wild | Exploits 18
VulnCheck KEV
added 2020/10/14 12:00 a.m. | 4 views

VulnCheck KEV: CVE-2013-2251

Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions...

9.8 CVSS | 7.5 AI score | 0.99998 EPSS
Exploits 18 | References 1
Tenable Nessus
added 2018/09/10 12:00 a.m. | 16 views

Apache Struts 2.0.x < 2.0.9 RCE (S2-001)

The version of Apache Struts running on the remote host is 2.0.x prior to 2.0.9. It, therefore, is affected by a possible remote code execution vulnerability when OGNL expressions are evaluated in a form field. Note that Nessus has not tested for these issues but has instead relied only on the...

5.7 AI score
Exploits 0 | References 1
Tenable Nessus
added 2018/09/10 12:00 a.m. | 40 views

Apache Struts 2.x < 2.2.3.1 RCE (S2-007)

The version of Apache Struts running on the remote host is 2.x prior to 2.2.3.1. It, therefore, is affected by a possible remote code execution vulnerability when user-supplied input is evaluated as an OGNL expression when there is a conversion error. Note that Nessus has not tested for these...

5.7 AI score
Exploits 0 | References 1
ThreatPost
added 2018/09/05 5:48 p.m. | 205 views

Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...

10 CVSS | 9.9 AI score | 0.99999 EPSS
Exploits 118 | References 10
myhack58
added 2018/08/23 12:00 a.m. | 3205 views

S2-057 vulnerability, in the original author's own account: how to use automated tools to find 5 RCEs - vulnerability warning - the black bar safety net

In April 2018, I reported a new remote code execution vulnerability, CVE-2018-11776 (S2-057), to Apache Struts and the Struts security team. It affects servers running Struts in certain configurations and can be triggered by visiting a carefully constructed URL. This discovery is ...

10 CVSS | 9.1 AI score | 0.99999 EPSS
Exploits 96
IBM Security Bulletins
added 2018/06/16 7:34 p.m. | 51 views

Security Bulletin: IBM Sterling Order Management and IBM Sterling Configure, Price, Quote are affected by multiple Apache Struts 2 security vulnerabilities.

Summary IBM Sterling Order Management and IBM Sterling Configure Price Quote use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Vulnerability Details CVEID: CVE-2013-4310 Description: Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to...

10 CVSS | 1.1 AI score | 0.99998 EPSS
Exploits 35 | Affected Software 1
OpenVAS
added 2017/11/02 12:00 a.m. | 27 views

Apache Struts 'TextParseUtil.translateVariables' RCE Vulnerability (S2-027) - Linux

Apache Struts is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

8.8 CVSS | 8.8 AI score | 0.05663 EPSS
Exploits 0 | References 2
Positive Technologies
added 2017/09/05 12:00 a.m. | 5 views

PT-2017-2794

Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.3.33; Apache Struts versions 2.5 through 2.5.10.1. Description: The issue exists due to incorrect handling of Object Graph Navigation Language (OGNL) expressions. Exploitation may allow a remote attacker to...

9.8 CVSS | 9.6 AI score | 0.99461 EPSS
Exploits 28 | References 29
Tenable Nessus
added 2016/06/24 12:00 a.m. | 162 views

Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)

The version of Apache Struts running on the remote Windows host is 2.x prior to 2.3.29. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists due to erroneously performing double OGNL evaluation of attribute values assigned to certain tags. A...

9.8 CVSS | 8.7 AI score | 0.17171 EPSS
Exploits 2 | References 14
Check Point Advisories
added 2016/06/23 12:00 a.m. | 12 views

Apache Struts REST Plugin DMI Code Execution (CVE-2016-3087)

A code execution vulnerability exists in Apache Struts. The vulnerability is due to the way the OGNL expressions are processed when DMI is enabled and the REST plugin is used. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitatio...

7.5 CVSS | 4 AI score | 0.81087 EPSS
Exploits 4
CNVD
added 2016/06/01 12:00 a.m. | 5 views

Apache Struts2 Denial of Service Vulnerability

Apache Struts is an open source framework for creating enterprise Java Web applications. Struts2 has a denial-of-service vulnerability that can be exploited by an attacker to cause a denial-of-service attack by using OGNL expressions in the Apache Struts framework to implement calls...

5.3 CVSS | 9.4 AI score | 0.08667 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2015/05/08 12:00 a.m. | 59 views

MySQL Enterprise Monitor < 2.3.14 Apache Struts Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the multiple vulnerabilities in the bundled version of Apache Struts : - Input validation errors exist that allows the execution of arbitrary Object-Graph Navigation Language (OGNL)...

10 CVSS | 7.2 AI score | 0.99998 EPSS
Exploits 19 | References 6
seebug.org
added 2014/07/01 12:00 a.m. | 63 views

Apache Struts ParametersInterceptor Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

0.5 AI score | 0.88829 EPSS
Exploits 16
Exploit DB
added 2014/02/05 12:00 a.m. | 128 views

Apache Struts - Developer Mode OGNL Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

6.8 CVSS | 7 AI score | 0.74405 EPSS
Exploits 9
Metasploit
added 2014/01/26 12:17 a.m. | 30 views

Apache Struts 2 Developer Mode OGNL Execution

This module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This...

6.8 CVSS | 7.8 AI score | 0.74405 EPSS
Exploits 9