Lucene search
K

45 matches found

Nuclei
Nuclei
added 2026/06/29 5:52 a.m.119 views

Apache Struts2 S2-057 - Remote Code Execution

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...

9.3CVSS8AI score0.99993EPSS
Exploits41References5
Openbugbounty
Openbugbounty
added 2023/10/31 11:9 a.m.10 views

australiafair.com.au Cross Site Scripting vulnerability OBB-3770117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.981 views

K60499474: Apache Struts vulnerability CVE-2018-11776

Security Advisory Description Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and...

9.3CVSS9.2AI score0.99993EPSS
Exploits41
Openbugbounty
Openbugbounty
added 2020/10/15 5:8 a.m.10 views

leadform.batscrm.com Cross Site Scripting vulnerability OBB-1408944

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/07/24 12:0 a.m.100 views

MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...

9.8CVSS8AI score0.99993EPSS
Exploits41References4
Tenable Nessus
Tenable Nessus
added 2020/07/16 12:0 a.m.286 views

Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)

The 13.3.0.0, 13.4.0.0, and 12.1.0.5 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager...

9.8CVSS7.5AI score0.99993EPSS
Exploits48References7
GithubExploit
GithubExploit
added 2019/11/12 1:14 a.m.80 views

Exploit for CVE-2018-11776

GitHub Security Lab This is the main git repository of GitHu...

9.8CVSS7.9AI score0.99993EPSS
Exploits51
GithubExploit
GithubExploit
added 2019/10/10 1:9 p.m.8 views

Exploit for CVE-2018-11776

Apache-Struts-0Day-Exploit Critical Remote Code Execution...

9.3CVSS9.6AI score0.99993EPSS
Exploits41
GithubExploit
GithubExploit
added 2019/10/10 1:9 p.m.6 views

Exploit for CVE-2018-11776

Apache-Struts-0Day-Exploit Critical Remote Code Execution...

9.3CVSS9.6AI score0.99993EPSS
Exploits41
GithubExploit
GithubExploit
added 2019/10/10 1:9 p.m.6 views

Exploit for CVE-2018-11776

Apache-Struts-0Day-Exploit Critical Remote Code Execution...

9.3CVSS9.6AI score0.99993EPSS
Exploits41
IBM Security Bulletins
IBM Security Bulletins
added 2018/11/12 12:55 p.m.114 views

Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty

Summary Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...

9.3CVSS0.5AI score0.99993EPSS
Exploits41Affected Software1
vulnersOsv
vulnersOsv
added 2018/10/18 7:24 p.m.3 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +227 more potentially affected by CVE-2018-11776 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.34)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2018-11776 Source advisory: OSV:GHSA-CR6J-3JP9-RW65...

9.3CVSS7.3AI score0.99993EPSS
Exploits41
IBM Security Bulletins
IBM Security Bulletins
added 2018/10/17 3:25 p.m.53 views

Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)

Summary IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error...

9.3CVSS1.2AI score0.99993EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/25 1:15 p.m.77 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental Score:...

9.3CVSS0.4AI score0.99993EPSS
Exploits41Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/25 1:15 p.m.182 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center

Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Platform Application Center. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental...

9.3CVSS0.5AI score0.99993EPSS
Exploits41Affected Software1
Exploit DB
Exploit DB
added 2018/09/10 12:0 a.m.129 views

Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...

9.3CVSS8.5AI score0.99993EPSS
Exploits41
0day.today
0day.today
added 2018/09/08 12:0 a.m.1382 views

Apache Struts 2 Namespace Redirect OGNL Injection Exploit

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in th...

9.3CVSS0.1AI score0.99993EPSS
Exploits41
Packet Storm
Packet Storm
added 2018/09/07 12:0 a.m.286 views

Apache Struts 2 Namespace Redirect OGNL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...

0.3AI score0.99993EPSS
Exploits41
ThreatPost
ThreatPost
added 2018/09/05 5:48 p.m.205 views

Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...

10CVSS9.9AI score0.99999EPSS
Exploits118References10
Tenable Nessus
Tenable Nessus
added 2018/08/31 12:0 a.m.225 views

Cisco Identity Services Engine Struts2 Namespace Vulnerability

According to its self-reported version, the Cisco Identity Services Engine Software is affected by a struts2 namespace vulnerability. Please see the included Cisco BID and the Cisco Security Advisory for more information. TRUSTED...

9.3CVSS8.5AI score0.99993EPSS
Exploits41References3
Rows per page
Query Builder