2549 matches found
Apache Struts Security Update (S2-012) - Active Check
Apache Struts is prone to a java method execution vulnerability. Copyright C 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
The remote ESXi is missing one or more security related Updates from VMSA-2012-0013. Summary VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities. Relevant releases VMware vCenter 4.1 without Update 3 VMware vCenter Update Manager 4.1...
VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries
a. vCenter and ESX update to JRE 1.6.0 Update 31 The Oracle Sun JRE is updated to version 1.6.031, which addresses multiple security issues. Oracle has documented the CVE identifiers that are addressed by this update in the Oracle Java SE Critical Patch Update Advisory of February 2012. b. vCente...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
Apache Struts 2 ConversionErrorInterceptor Java Injection
Added: 08/02/2012 CVE: CVE-2012-0391 OSVDB: 78277 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem Struts uses...
金蝶业务系统漏洞
简要描述: 金蝶业务系统漏洞,各种数据侧漏 详细说明: struts远程执行 漏洞证明:...
Apache Struts struts-examples upload-submit.do 'theText' Parameter XSS
The remote web server hosts struts-examples, a demonstration application for the Struts framework. Input passed via the 'theText' POST parameter to the 'upload-submit.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking a user into clicking on a specially craft...
Apache Struts struts-cookbook processSimple.do message Parameter XSS
The remote web server hosts struts-cookbook, a demonstration application for the Struts framework. Input passed via the 'message' parameter to the 'processSimple.do' page is not properly sanitized before using it to generate dynamic HTML. By tricking someone into clicking on a specially crafted...
Apache Struts 2 struts2-showcase edit-person.action Persistent XSS
The remote web server hosts struts2-showcase, a demonstration application for the Struts 2 framework. Input passed via the 'name' and 'lastName' parameters to 'edit-person.action' is not properly sanitized, which can allow for arbitrary HTML and script code to be loaded onto the system and execut...
Apache Struts 2 struts2-rest-showcase orders 'clientName' Parameter Persistent XSS
The remote web server hosts Struts2-rest-showcase, a demonstration application for the Struts 2 framework. Input passed via the 'clientName' parameter to the orders page is not properly sanitized, which can allow for arbitrary HTML and script code to be loaded onto the system and executed when a...
葫芦岛市电子监察网struts命令执行漏洞
简要描述: 葫芦岛市电子监察网存在struts命令执行漏洞,政府网站的安全需要引起重视;查了下深圳太极软件有限公司开发的政府网站还比较多,希望该公司能尽快为客户解决该漏洞。 详细说明: 葫芦岛市电子监察网存在struts命令执行漏洞. 漏洞证明: 仅获取服务器信息,说明漏洞存在,不做进一步攻击...
struts <=2.1.8.1 远程命令执行漏洞
No description provided by source...
Apache Struts 2 CookieInterceptor OGNL Script Injection (CVE-2012-0392)
A code execution vulnerability has been reported in Apache Struts 2...
Apache Struts Remote Command Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Johannes Dahse', Vulnerability discovery and PoC 'Andreas...
Apache Struts 2.2.1.1 Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Apache Struts 2.2.1.1 Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...
Apache Struts 2.2.1.1 Remote Command Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Apache Struts 2.2.1.1 - Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts %q This module exploits...