21 matches found
EUVD-2025-203077
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
VulnCheck KEV: CVE-2013-2134
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
EUVD-2020-17628
Malware in sbrugna...
EUVD-2022-5822
Malicious code in bioql PyPI...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...
CVE-2024-48245
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...
UBUNTU-CVE-2024-46240
Collabtive 3.1 is vulnerable to Cross-site scripting XSS via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file...
CVE-2022-47075
An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx...
GHSA-XM92-V2MQ-842Q Apache Struts improper action name cleanup
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
GHSA-GQQM-564F-VVXQ Arbitrary code execution in Apache Struts 2
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
Security Bulletin: IBM Sterling Order Management is affected by Apache Struts 2 security vulnerabilities (CVE-2016-3093 , CVE-2016-4436)
Summary IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2016-3093 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used t...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
Input validation
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2016-4436
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up...
CVE-2013-2134
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
Code injection
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...
CVE-2013-2134
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...