2549 matches found
HP/HPE/Micro Focus Universal CMDB RCE Vulnerability (HPESBGN03733)
HP/HPE/Micro Focus Universal CMDB is prone to a remote code execution (RCE) vulnerability in Apache Struts. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Strutsy Strutsy - Mass exploitation of Apache Struts CVE-2017...
Apache Struts 2 Exploits Installing Cerber Ransomware
Attackers are attempting to exploit the recent Apache Struts vulnerability on Windows servers and the payload is a variant of the Cerber ransomware. The SANS Internet Storm Center on Thursday said it has seen numerous attempts during the past month to exploit the vulnerability in this way. The fl...
Struts2-045 Remote Code Execution Vulnerability in Aerohive Networks-HiveManager Online Web Management System
Aerohive Networks - HiveManager is an online web management system. The Aerohive Networks - HiveManager online web management system uses the Struts2 framework as middleware, leading to a remote code execution vulnerability. This allows an attacker to gain server privileges by adding a payload for...
VMware - Remote Code Execution Vulnerability in vRealize Operations Manager
VMware - The vRealize Operation Manager platform is the management and analytics component that enables the world of VMware cloud computing. A remote code execution vulnerability exists in VMware - vRealize Operations Manager, which arises due to the platform's use of Struts2 as middleware,...
VMware Patches Pwn2Own VM Escape Vulnerabilities
VMware on Tuesday patched a series of vulnerabilities uncovered earlier this month at Pwn2Own. The flaws enabled an attacker to execute code on a workstation and carry out a virtual machine escape to attack a host server. Monty Ijzerman, manager of the company’s Security Response Center, confirme...
Update: Vulnerability found in Apache Struts
Akamai has created two new WAF rules in response to new information about the Apache Struts2 vulnerability. The first rule, the most recent version of KRS Rule 3000014, is a standard part of the Kona Ruleset and protects against the many common attacks leveraging this vulnerability. This rule is...
Aerohive Aerohive Network Device Management System suffers from s2-045 Remote Command Execution Vulnerability
Aerohive Networks HiveManager NMS is the management system for Aerohive's networking products. HiveManager enables simple policy creation, firmware upgrades, configuration updates, and centralized monitoring from a single console. Aerohive network equipment management system website packaging usin...
Aruba Networks - ClearPass Policy Manager suffers from s2-045 remote command execution vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. The Aruba Networks - ClearPass Policy Manager web package uses Apache Struts xwork as the web application framework. The file upload functio...
Jinnovision-JNDV Audio/Video Conference Converged Communication Platform s2-045 Remote Code Execution Vulnerability
JNDV audio/video conferencing converged communication platform is used to realize centralized monitoring, storage, data forwarding, management and control of all network video surveillance devices including network video servers and network cameras at the front end. Jinnovision-JNDV audio and vid...
Apache Struts ClassLoader Remote Code Execution Vulnerability
Apache Struts framework is based on Java Servlets, JavaBeans, and JavaServer Pages (JSP) Web application framework for open source projects. A remote code execution vulnerability exists in Apache Struts ClassLoader versions prior to 1.3.10 and prior to 2.3.16.2, which can be exploited by an attacke...
Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution Exploit
Exploit for Windows platform in category remote exploits. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution',...
S2-046: Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)
It is possible to perform an RCE attack with a malicious Content-Disposition value or with an improper Content-Length header. If the Content-Disposition / Content-Length value is not valid, an exception is thrown which is then used to display an error message to a user. This is a different vector for t...
Hikvision has s2-045 Remote Command Execution Vulnerability in Multiple Product Systems
Hikvision is a video-centric IoT solution and data operation service provider. Hikvision's multiple product systems use Apache Struts xwork as the website application framework. The file upload function of the Jakarta plug-in of this framework has a remote command execution vulnerability s2-045,...
S2-045 Remote Code Execution Vulnerability in 263 Enterprise Email Sites
263 enterprise mailbox site is an electronic mailbox launched by Beijing 263 Enterprise Communication Co. The 263 enterprise mailbox site uses Apache Struts xwork as the website application framework, the file upload function of the Jakarta plug-in of the framework has a remote command execution...
s2-045 remote command execution vulnerability in KINGOSOFT University Teaching Network Management System of Hunan Qingguo Software Co.
Hunan Qingguo Software Co., Ltd KINGOSOFT college teaching network management system is a technical solution for the construction of digital campus for colleges and universities. Hunan Qingguo Software Co., Ltd. KINGOSOFT university teaching network management system uses Apache Struts xwork as t...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...
Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638
Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...
Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017. CVE: CVE-2017-5638. BID: 96729. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The Jakarta...