80 matches found
K8tools
It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...
Exploit for CVE-2018-11776
PoC exploit for CVE-2018-11776, a Struts2 RCE vulnerability. The target product/service is Apache Struts 2, and the vulnerability class/vector is Remote Command Execution (RCE). The probable entry point is the "help.action" URL, which is accessed via a specially crafted OGNL payload. The exploit is...
Exploit for CVE-2018-11776
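Struts2-057/CVE-2018-11776: RCE vulnerability analysis for two versions (with EXP). Ivan@360云影实验室, 24 August 2018. 0x01 Preface: On 22 August 2018, Apache Struts2 published its latest security bulletin: Apache Struts2 has a high-risk remote code execution vulnerability (S2-057/CVE-2018-11776), discovered by Man YueMo, a security researcher on the Semmle Security Research team. The vulnerability arises because, when the namespace feature is used to define XML configuration in the Struts2 framework, the namespace value is not set and the upper-level action configuration (Action...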
Unspecified Vulnerability in Apache Struts2
Apache Struts is an open source project of the Apache Software Foundation (United States): a set of open source MVC frameworks for creating enterprise-class Java web applications, offered mainly in two versions, Struts 1 and Struts 2. There is a security...
Exploit for Out-of-bounds Read in Openssl
This repository contains a collection of exploits and tools for various vulnerabilities, including CVE-2014-0160 (Heartbleed), CVE-2014-6271 (Shellshock), CVE-2017-5638 (Apache Struts 2), and others. The repository includes Python scripts for exploiting these vulnerabilities, as well as documentation a...
com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-9787 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)
org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-9787, CVE-2017-9805 Source advisory:...
org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.14.1), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.14.1) potentially affected by CVE-2017-15707 via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.14.1)
org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.14.1 Source cves: CVE-2017-15707 Source advisory: OSV:GHSA-XCRM-QPP8-HCW4...
com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)
org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory:...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +228 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=2.3.33)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory: OSV:GHSA-8FX9-5HX8-CRHM...
BSA-2018-700
Security Advisory ID: BSA-2018-700. Component: Apache Struts 2. Revision: 1.0: Final. Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace while, at the same time, their upper actions have no namespace or a wildcard namespace. Same...
Apache Struts2 S2-054 Denial of Service Vulnerability
Struts2 is an open source web application framework based on the MVC design pattern, maintained by the Apache Software Foundation. Apache Struts2 suffers from the S2-054 denial of service vulnerability. Because the Apache Struts REST plugin uses an outdated JSON-lib library ...
Apache Struts (S2-048) Remote Command Execution Vulnerability
Apache Struts is an open source framework for creating enterprise Java Web applications. An S2-048 remote code execution vulnerability exists in Apache Struts2 version 2.3.x. The vulnerability exists in the Action Message class of a Showcase plugin for Struts2 and Struts1. The vulnerability exist...
struts2-045 Remote Code Execution Vulnerability in Zhejiang Dahua DSS 3.0 Security New Platform
DSS Digital Surveillance System is a highly integrated and powerful digital surveillance management system developed by Zhejiang Dahua Technology Co. Zhejiang Dahua DSS 3.0 security new platform uses Apache Struts 2 as the web application framework, because the software has a remote code executio...
Struts2 S2-016 Remote Command Execution Vulnerability in Shenzhen Huan Yu Huan Tong Logistics Website Management System
Shenzhen HuanYuHuTong Logistics Website Management System is a logistics website management system developed and maintained by HuanYuHuTong Information Technology Co. Shenzhen HuanYuHuTong logistics website management system uses Apache Struts xwork as the website application framework, due to th...
Struts2 Remote Command Execution Vulnerability in Shenzhen Pengjiao Project Management System
Shenzhen Pengjiao Project Management System is a product of Shenzhen Pengjiao Management Consultant Co., Ltd, which mainly serves primary and secondary schools, private educational institutions, government education and so on. A Struts2 remote command execution vulnerability exists in the Shenzhe...
Struts2 devMode Remote Command Execution Vulnerability in Chengdu Konsai Information Technology Co.
TeachCloud Resource Platform is an education informatization product for China's compulsory education management institutions and schools, aiming at realizing regional or intra-school resource sharing and promoting the application of resources for "teaching" and "learning". The product...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04092)
Apache Struts is an open source project maintained by the Apache Software Foundation (United States): a set of open source MVC frameworks for creating enterprise-class Java web applications, offered mainly in two versions, Struts 1 and Struts 2...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04090)
Apache Struts is an open source project maintained by the Apache Software Foundation (United States): a set of open source MVC frameworks for creating enterprise Java web applications, offered mainly in two versions, Struts 1 and Struts 2. Apache...
Struts2 Command Execution Vulnerability in Government Network System
The Government Web System is a set of software designed to provide website building services for the government. A struts2 command execution vulnerability exists in the GovWeb system, which can be exploited by an attacker to gain control of the website...
IPUB Networked Digital Signage Management System v5.5 suffers from struts2 Remote Command Execution Vulnerability
IPUB Networked Digital Signage Management System is a set of digital signage management software. A struts2 remote command execution vulnerability exists in v5.5 of this product, which can be exploited by an attacker to gain control of a website...