2549 matches found
Apache Struts double OGNL evaluation
Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...
Apache Struts double OGNL evaluation
Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigatio...
Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server
Summary Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendo...
Apache Struts 2.x < 2.3.1.1 Multiple Vulnerabilities
The version of Apache Struts running on the remote host is prior to 2.3.1.1. It, therefore, affected by multiple vulnerabilities: - The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary command...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
Remote Code Execution attack via unintentional expression in Freemarker tag - CVE-2017-12611
Affected versions of Atlassian FishEye/Crucible allow remote attackers to execute arbitrary code via a Remote Code Execution RCE vulnerability via an unintentional expression in Freemarker tags, in Apache Struts. The affected versions are before version 4.8.4. Affected versions: version 4.8.4 Fix...
Apache Struts 2.5.20 - Double OGNL evaluation Exploit
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity, and the Github...
Apache Struts 2.5.20 Double OGNL Evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
Apache Struts 2.5.20 - Double OGNL evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
RED-V Super Digital Signage System RXV-A740R Log Information Disclosure
RED-V Super Digital Signage System RXV-A740R Log Information Disclosure Vendor: RED-V S.R.L. Product web page: https://www.red-v.tv https://red-v.tv/digital-signage.html Affected version: Model name: RXV-A740R Android version: 5.1.1 Firmware version: 026 Player version: 7.8.6 Downloader version:...
Selligent Message Studio Struts Code Execution (CVE-2013-2251)
Binary data selligentmessagestudioCVE-2013-2251.nbin...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.x < 9.0.0.8 Security Bypass (CVE-2015-0899)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14, or 9.x prior to 9.0.0.8. It is, therefore, affected by a vulnerability in the Apache Struts subcomponent deu to an error in the...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail. Vulnerability Details CVEID:...
Exploit for Prototype Pollution in Apache Struts
It is an offensive tool for Apache Struts 2 exploitation. The re...
LISTSERV Maestro 9.0-8 Remote Code Execution Vulnerability
An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be...
Selligent Message Studio Struts Code Execution (CVE-2017-5638)
Binary data selligentmessagestudiorce.nbin...