97 matches found
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Apache Struts2 S2-045 RCE CVE-2017-5638 📌 Overview This...
EUVD-2022-1679
Malicious code in bioql PyPI...
Security Bulletin: CVE-2023-50164 affects Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
Source of POC https://y4tacker.github.io/2024/12/16/year/2024/...
DoS (Denial of Service) org.apache.struts:struts2-core Dependency in Crowd Data Center and Server
This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.apache.struts:struts2-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Security Bulletin: CVE-2023-50164 may affect Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint
Summary Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION:...
8220 Gang Targets Telecom and Healthcare in Global Cryptojacking Attack
By Deeba Ahmed. The 8220 gang, believed to be of Chinese origins, was first identified in 2017 by Cisco Talos when they targeted Drupal, Hadoop YARN, and Apache Struts2 applications for propagating cryptojacking malware. This is a post from HackRead.com. Read the original post: 8220 Gang Targets...
Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections Vulnerability Details CVEID: CVE-2020-17530 DESCRIPTION: Apache Struts could allo...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +203 more potentially affected by CVE-2012-0393 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.16.3)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2012-0393 Source advisory: OSV:GHSA-HXQQ-W4MR-MC62...
GHSA-8M5Q-CRQQ-6PMF Unrestricted Upload of File with Dangerous Type in Apache Struts2
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 PoC for CVE-2021-31805 Apache Struts2 CVE-20...
Exploit for Expression Language Injection in Apache Struts
Struts2S2-062CVE-2021-31805 Apache Struts2 S2-062 remote c...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 Remote code execution S2-062 CVE-2021-31805...
Metasploit Wrap-Up
Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4JExploitation-VulnerabiliyCVE-2021-44228. ...
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution (RCE) and complete server takeover — and it’s being exploited in the wild. The flaw first turned up on sites that cater to users of the world’s favorite game,...
MTN Group: RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh]
Summary: A Remote Code Execution vulnerability exists in Apache Struts2 when performing file upload based on Jakarta Multipart parser. It is possible to perform an RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to...
Security Advisory - Remote Code Execution vulnerability in Apache Struts2
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id, so it is possible to pass in a value that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to...
Apache Struts2 S2-059 Remote Code Execution Vulnerability
Struts2 is an open-source web application framework based on the MVC design pattern, maintained by the Apache Software Foundation. Apache Struts2 suffers from an S2-059 remote code execution vulnerability. The vulnerability stems from the fact that the framework of Apache...