2549 matches found
Struts2 latest S2-016 code execution vulnerability - vulnerability warning - the black bar safety net
Affected version: Struts 2.0.0 – Struts 2.3.15. Vulnerability description: The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target Expression. This mechanism was...
CVE-2013-6348
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.3.15.3 allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to (1) actionNames.action and (2) showConfig.action in config-browser/...
CVE-2013-6348
CVE-2013-6348 refers to multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.x (specifically
Apache Struts 2.x <= 2.3.15.3 XSS Vulnerability
Apache Struts is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:struts...
Struts 2.3.15.3 Cross Site Scripting
Abstract: The latest version of the current official struts-2.3.15.3, struts2-showcase.war demo XSS still exists! Details: I found an update of the official demo of Struts2, so I did a test. It used to be able to filter, escape input and escape output, but why didn't it escape this time? Proofs...
Cisco Fixes DoS, Remote Code Execution Bugs in Six Products
Telecommunications company Cisco rolled out three patches for multiple products yesterday, addressing vulnerabilities that could’ve led to a denial of service (DoS) attack or allowed an attacker to execute code and obtain sensitive information. Per usual, Cisco’s Product Security Incident Response...
Multiple Vulnerabilities in Cisco Identity Services Engine
Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability; Cisco ISE Support Information Download Authentication Bypass Vulnerability. These vulnerabilities are independent of each other; a release that is affected b...
Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products
Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests...
Apache Fixes Information Disclosure Vuln in Shindig
The Apache Software Foundation released a new version of Shindig, a framework for Web applications yesterday, fixing what the collective has deemed an important information disclosure vulnerability. According to a post on Seclists.org by Ryan Baxter, an Apache Shindig committer, the problem affec...
Apache-Struts DefaultActionMapper < 2.3.15.1 RCE Linux
Apache-Struts2 RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache Struts Update Patches Two Vulnerabilities
The group behind Apache have pushed out a new version of Struts, fixing two issues in the framework that were giving developers difficulties over the past several weeks. The Apache Software Foundation posted version 2.3.15.3 of the framework online Tuesday. The release fixes an access control...
Apache-Struts IncludeParams < 2.3.14.2 RCE Linux
Apache-Struts2 / OpenSymphony-Xwork RCE Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache-Struts Showcase < 2.3.14.1 RCE Linux
Apache Struts Crafted Parameter Arbitrary OGNL Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Apache Struts XWork Error Page Multiple Cross-Site Scripting (CVE-2011-1772)
A Cross-Site Scripting vulnerability has been reported in Apache Struts. The vulnerabilities are due to unsanitized parameters in various automatically generated error pages. A remote attacker can exploit these vulnerabilities by enticing a victim to follow a specially crafted link. Successful...
[ANN] Struts 2.3.15.2 GA release available - security fix
The Apache Struts group is pleased to announce that Struts 2.3.15.2 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is designed ...
CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix...
CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...