PT-2025-21817 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution problem. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-21151 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a command injection problem. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoints, vulnerable...
PT-2025-20612 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a command injection vulnerability. No specific details about the number of potentially affected devices or real-world incidents are provided. Recommendations: At th...
PT-2025-20006 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a command injection problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
PT-2025-17988 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue allows an authenticated end-user to potentially run a script while the portal attempts to display a directory or some file's properties. Recommendations: At the moment, ther...
PT-2025-17995 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue is related to a deserialization vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
DS-Java Injection Vulnerability
DS-Java is a forum system built on SSH (Struts2+Spring+Hibernate) by sixteen individual developers. An injection vulnerability exists in DS-Java version 1.0. The vulnerability stems from the file src/com/phn/action/FileUpload.java in the uploadUserPic.action function of the fileUpload parameter of...
DS-Java Security Vulnerability
DS-Java is a forum system built on SSH (Struts2+Spring+Hibernate) by sixteen individual developers. A security vulnerability exists in DS-Java version 1.0, which stems from vulnerability to cross-site request forgery attacks...
PT-2025-17366 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a command injection problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was...
PT-2025-17362 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue is related to command injection in Apache Struts. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...
PT-2025-16034 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution problem. No specific details about affected devices or real-world incidents are provided. Recommendations: At the moment, there is no...
Exploit for Files or Directories Accessible to External Parties in Apache Struts
CVE-2023-50164 exploit for the HackTheBox lab Descr...
Linux Distros Unpatched Vulnerability : CVE-2015-0899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page...
Linux Distros Unpatched Vulnerability : CVE-2016-1181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute...
Linux Distros Unpatched Vulnerability : CVE-2016-1182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct...
PT-2025-7321 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution vulnerability. No specific details about the vulnerability, affected devices, or real-world incidents are provided due to the rejection or...
New episode “In The Trend of VM” (#11): vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024
New episode "In The Trend of VM" 11: vulnerabilities that became trending in December and the final report on trending vulnerabilities for 2024. I made this episode exclusively for the Telegram channel @avleonovcom "Vulnerability Management and More". Video on YouTube, LinkedIn Post on Habr rus...
SUSE CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...
SUSE CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...