Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 1:48 a.m.68 views

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251, CVE-2013-2248 CVE-2013-2135, CVE-2013-2134, CVE-2013-2115, CVE-2013-1966 and CVE-2013-1965)

Summary Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 Vulnerability Details Security Bulletin --- Summary --- Administrative access to the system vi...

9.8CVSS9.1AI score0.99998EPSS
Exploits33
OpenVAS
OpenVAS
added 2021/09/14 12:0 a.m.24 views

Apache Struts Security Update (S2-013, S2-014) - Version Check

The remote host is missing a security update for Apache Struts announced via the referenced advisories. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

8.1AI score
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Apache Struts includeParams Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Huawei
Huawei
added 2013/07/30 12:0 a.m.124 views

Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products

Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller MVC architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...

9.8CVSS9.3AI score0.99998EPSS
Exploits32Affected Software26
OpenVAS
OpenVAS
added 2013/07/23 12:0 a.m.69 views

Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

This host is running Apache Struts2 and is prone to arbitrary java method execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbapachestruts2javamethodexecvuln.nasl 8373 2018-01-11 10:29:41Z cfischer $ Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities...

9.3CVSS0.8AI score0.72778EPSS
Exploits11References5
UbuntuCve
UbuntuCve
added 2013/07/10 7:55 p.m.37 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...

9.3CVSS7.3AI score0.71767EPSS
Exploits6References4
Prion
Prion
added 2013/07/10 7:55 p.m.34 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3CVSS7.5AI score0.72778EPSS
Exploits11References4Affected Software1
CVE
CVE
added 2013/07/10 7:0 p.m.158 views

CVE-2013-1966

CVE-2013-1966 (and related Struts 2 OGNL flaws) enables remote code execution via crafted requests that abuse includeParams handling in the URL or A tag. Public docs in IBM advisories note affected IBM products (e.g., Sterling Order Management, Storwize Unified GUI/Storwize platforms) and specify...

9.3CVSS8AI score0.71767EPSS
Exploits6References4Affected Software1
Cvelist
Cvelist
added 2013/07/10 7:0 p.m.27 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...

8.1AI score0.71767EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2013/06/19 12:0 a.m.119 views

Apache Struts 2 Crafted Parameter Arbitrary OGNL Expression Remote Command Execution

The remote web application appears to use Struts 2, a web framework that utilizes OGNL Object-Graph Navigation Language as an expression language. Due to a flaw in the evaluation of an OGNL expression, a remote, unauthenticated attacker can exploit this issue to execute arbitrary commands on the...

9.3CVSS7.9AI score0.93813EPSS
Exploits12References5
Circl
Circl
added 2013/06/05 12:0 a.m.12 views

CVE-2013-1966

creationtimestamp| type| source ---|---|--- 2013-06-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/25980 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/strutsincludeparams.rb 2023-12-18 07:08:26+00:00| see...

9.3CVSS8.5AI score0.71767EPSS
Exploits6References4
Check Point Advisories
Check Point Advisories
added 2013/06/04 12:0 a.m.27 views

Apache Struts URL and Anchor tag includeParams OGNL Command Execution (CVE-2013-1966; CVE-2013-2115)

The url/a tags resolve every parameter passed to them, allowing arbitrary OGNL expressions encoded into the URL to be evaluated bypassing both Struts and OGNL library protections. Successful exploitation will allow an attacker to execute arbitrary commands in the context of the server...

9.3CVSS8.4AI score0.72778EPSS
Exploits11
seebug.org
seebug.org
added 2013/05/24 12:0 a.m.56 views

Apache Struts2 includeParams属性远程命令执行漏洞(CVE-2013-1966)

No description provided by source. 打开Struts Blank App中的 HelloWorld.jsp增加类似下列代码: s:url id="url" action="HelloWorld" includeParams="all" 运行 struts2-blank app 访问下列地址:...

9.3CVSS8.1AI score0.71767EPSS
Exploits6
Rows per page
Query Builder