Lucene search
K

18 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:14 a.m.5 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +62 more potentially affected by CVE-2010-1870 via org.apache.struts:struts2-core (>=2.0.5 <=2.1.8.1)

org.apache.struts:struts2-core MAVEN version =2.0.5, =1.2.1, =0.6, =2.1.0, =1.8.3, =2.1.0, =2.0.0, =2.3.1 - com.toolazydogs.shiro:shiro-struts2 =1.0 and more Source cves: CVE-2010-1870 Source advisory: OSV:GHSA-X5FC-PGPX-59J5...

5CVSS7AI score0.91079EPSS
Exploits22
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Apache Struts < 2.2.0 - Remote Command Execution

No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/01/03 12:0 a.m.51 views

Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of the idea-vulnerability warning-the black bar safety net

0×0 1 Summary 0×0 2 background and principles of analysis 0×0 3 example simulation and tracking 0×0 4 Summary 0×0 1 Summary: In the Ognl expression, will be the brackets“”contains the variable content as a Ognl expression execution. Ognl expressions of this characteristic, triggering a new attack...

1.2AI score
Exploits0
myhack58
myhack58
added 2012/12/19 12:0 a.m.30 views

Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of new ideas-vulnerability warning-the black bar safety net

A, summary In Ognl expression, it will be in parentheses“”contains the variable content as a Ognl expression execution. Ognl expressions of this characteristic, triggering a new attack ideas. By the malicious code is stored into a variable, and then call in Ognl expressions in the function that...

0.7AI score
Exploits0
Metasploit
Metasploit
added 2012/03/21 9:43 p.m.53 views

Apache Struts Remote Command Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions...

5CVSS1AI score0.91079EPSS
Exploits22
seebug.org
seebug.org
added 2011/08/20 12:0 a.m.30 views

Apache Struts &lt; 2.2.0 Remote Command Execution

No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

7.1AI score0.91079EPSS
Exploits22
Circl
Circl
added 2011/08/19 12:0 a.m.30 views

CVE-2010-1870

creationtimestamp| type| source ---|---|--- 2011-08-19 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/17691 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutscodeexec.rb 2023-12-18 12:03:36+00:00| seen|...

5CVSS8.5AI score0.91079EPSS
Exploits22References3
0day.today
0day.today
added 2011/08/19 12:0 a.m.56 views

Apache Struts < 2.2.0 Remote Command Execution

Exploit for multiple platform in category remote exploits $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information ...

7.1AI score0.91079EPSS
Exploits22
VMware
VMware
added 2011/03/14 12:0 a.m.56 views

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

a. Vulnerability in third party Apache Struts componentVMware vCenter Orchestrator is an application to automate management tasks. Alive Enterprise is an application to monitor processes. Both products embed Apache Struts which is a third party component.The following vulnerability has been...

5CVSS4AI score0.91079EPSS
Exploits22References1Affected Software2
OpenVAS
OpenVAS
added 2010/09/10 12:0 a.m.35 views

Struts Remote Command Execution Vulnerability

This host is running Struts and is prone to remote command execution vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsremotecmdexecvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ Struts Remote Command Execution Vulnerability Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networ...

5CVSS0.5AI score0.91079EPSS
Exploits22References3
d2
d2
added 2010/08/17 8:0 p.m.58 views

DSquare Exploit Pack: D2SEC_STRUTS

Name| d2secstruts ---|--- CVE| CVE-2010-1870 Exploit Pack| D2ExploitPack Description| d2secstruts Notes|...

5CVSS1.7AI score0.91079EPSS
Exploits22
CVE
CVE
added 2010/08/17 5:31 p.m.202 views

CVE-2010-1870

The CVE-2010-1870 entry covers OGNL expression evaluation in XWork (Struts 2.0.0–2.1.8.1) with a permissive whitelist that allows remote modification of server-side context objects and bypass of the # protection via OGNL context variables (e.g., #context, #root, #this, etc.). Cisco advisory notes...

5CVSS9.1AI score0.91079EPSS
Exploits22References12Affected Software1
Check Point Advisories
Check Point Advisories
added 2010/08/11 12:0 a.m.39 views

Apache Struts2 ParametersInterceptor Remote Command Execution (CVE-2010-1870)

Apache Struts2 is a free framework for building Java web-based applications. A command execution vulnerability has been reported in the web application framework Apache Struts2. The vulnerability is due to insufficient input validation in the ParametersInterceptor component when parsing incoming...

5CVSS9.5AI score0.91079EPSS
Exploits22
Saint
Saint
added 2010/08/05 12:0 a.m.41 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Saint
Saint
added 2010/08/05 12:0 a.m.30 views

Apache Struts2 XWork ParameterInterceptor security bypass

Added: 08/05/2010 CVE: CVE-2010-1870 BID: 41592 OSVDB: 66280 Background Apache Struts is a Java web application framework. Apache Struts version 2 is based on WebWork 2. WebWork 2 uses XWork to invoke actions based on HTTP parameter names. The ParameterInterceptor component of XWork runs the...

5CVSS9.9AI score0.91079EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2010/07/29 12:0 a.m.447 views

Apache Struts 2 / XWork Remote Code Execution (safe check)

The remote web application appears to use Struts 2, a web framework that uses XWork. Due to a vulnerability in XWork, it is possible to disable settings designed to prevent remote code execution. A remote attacker can exploit this by submitting an HTTP request containing specially crafted OGNL...

5CVSS8.8AI score0.91079EPSS
Exploits22References4
Exploit DB
Exploit DB
added 2010/07/14 12:0 a.m.111 views

Struts2/XWork &lt; 2.2.0 - Remote Command Execution

Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 release of the Struts2 web framework which fixes...

5CVSS9.6AI score0.91079EPSS
Exploits22
0day.today
0day.today
added 2010/07/14 12:0 a.m.59 views

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

Exploit for multiple platform in category remote exploits ============================================================ Struts2/XWork 2.2.0 Remote Command Execution Vulnerability ============================================================ Apache Struts team has announced uploaded but has not...

7.1AI score0.91079EPSS
Exploits22
Rows per page
Query Builder