Exploit for CVE-2018-11776
PoC exploit for CVE-2018-11776, a Struts2 RCE vulnerability. The target product/service is Apache Struts 2, and the vulnerability class/vector is Remote Command Execution (RCE). The probable entry point is the "help.action" URL, which is accessed via a specially crafted OGNL payload. The exploit is...
Arbitrary code execution in Apache Commons BeanUtils
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
GHSA-P66X-2CV9-QQ3V Arbitrary code execution in Apache Commons BeanUtils
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Oracle WebCenter Sites Multiple Vulnerabilities (April 2017 CPU)
Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities. - A remote code execution in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Install Apache Common Collections. An unauthenticated, remote attacker can exploit...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerabilities.
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerabilities. Jackson-databind has known vulnerabilities in IBM Identity Governance and Intelligence. Vulnerability Details CVEID: CVE-2017-15095 DESCRIPTION: Jackson Library...
Security Bulletin: A vulnerability in Apache Struts affects IBM InfoSphere Information Server
Summary A vulnerability in Apache Struts used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...
Security Bulletin: Multiple vulnerabilities affect IBM PureApplication System
Summary There are multiple vulnerabilities that affect IBM PureApplication System. IBM PureApplication System has addressed vulnerabilities. Vulnerability Details CVEID: CVE-2016-5699 DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation...
CVE-2015-2992
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability...
Cross site scripting
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability...
CVE-2015-2992
Apache Struts CVE-2015-2992 is an XSS vulnerability in Struts before 2.3.20, caused by improper validation of user input when JSP files are accessed directly. Exploitation could allow a remote attacker to run scripts in the victim’s browser and steal cookies. Affected products/versions include St...
Security Bulletin: IBM Sterling Order Management, IBM Sterling Configure, Price, Quote and Sterling Web Channel are affected by Apache Struts 2 security vulnerabilities
Summary IBM Sterling Order Management, IBM Sterling Configure Price Quote and Sterling Web Channel use Apache Struts 2 and are affected by some of the vulnerabilities that exist in Apache Struts 2. Now a vulnerability related to Apache Commons FileUpload version included with Apache Struts 2...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-1181, CVE-2016-1182)
Summary IBM WebSphere Application Server is shipped with IBM Predictive Customer Intelligence. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Security Vulnerabilities have been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2012-5783, CVE-2018-1614, CVE-2014-0114, CVE-2015-0899)
Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in security bulletins. Vulnerability Details Please consult the security bulletins: Security Bulletin:...
Security Bulletin: Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2014-0114, CVE-2014-0927, CVE-2014-0912)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by multiple security vulnerabilities. These vulnerabilities include: - Open Source Apache Struts V1 ClassLoader manipulation vulnerability - Improper Access Control - Information Disclosure Vulnerability Details...
Equifax Breach: Four Members of Chinese Military Charged with Hacking
U.S. authorities have charged four Chinese military officers in the 2017 Equifax data breach, which compromised the data of nearly 150 million. The four, Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei, are believed to be members of the 54th Research Institute of the Chinese People’s Liberation Army (PLA)...
U.S. Charges 4 Chinese Military Hackers Over Equifax Data Breach
The United States Department of Justice today announced charges against 4 Chinese military hackers who were allegedly behind the Equifax data breach that exposed the personal and financial data of nearly 150 million Americans. In a joint press conference held today with the Attorney General Willi...
Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator (CVE-2014-0114)
Summary Apache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter. Vulnerability Details CVEID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacke...
Security Bulletin: Multiple Apache Struts Vulnerabilities Affect IBM Sterling B2B Integrator
Summary IBM Sterling B2B Integrator Standard Edition has addressed the following multiple vulnerabilities caused by Apache Struts 1.1 Vulnerability Details CVEID: CVE-2008-2025 DESCRIPTION: Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A...