45 matches found
Apache Struts2 S2-057 - Remote Code Execution
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true either by user or a plugin like Convention Plugin and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace...
australiafair.com.au Cross Site Scripting vulnerability OBB-3770117
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
K60499474: Apache Struts vulnerability CVE-2018-11776
Security Advisory Description Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and...
leadform.batscrm.com Cross Site Scripting vulnerability OBB-1408944
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
MySQL Enterprise Monitor 3.4.x < 3.4.10 / 4.x < 4.0.7 / 8.x < 8.0.3 Multiple Vulnerabilities (Oct 2018 CPU)
According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by the following vulnerabilities in its subcomponents: - Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is...
Oracle Enterprise Manager Cloud Control (Jul 2020 CPU)
The 13.3.0.0, 13.4.0.0, and 12.1.0.5 versions of Enterprise Manager Base Platform installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager...
Exploit for CVE-2018-11776
GitHub Security Lab This is the main git repository of GitHu...
Exploit for CVE-2018-11776
Apache-Struts-0Day-Exploit Critical Remote Code Execution...
Exploit for CVE-2018-11776
Apache-Struts-0Day-Exploit Critical Remote Code Execution...
Exploit for CVE-2018-11776
Apache-Struts-0Day-Exploit Critical Remote Code Execution...
Security Bulletin: Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections are affected by a publicly disclosed vulnerability found by vFinder: Eclipse Jetty
Summary Content Collector for Email, File Systems, Microsoft SharePoint and IBM Connections has addressed publicly disclosed vulnerability found by vFinder: Eclipse Jetty. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary cod...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +227 more potentially affected by CVE-2018-11776 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.34)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2018-11776 Source advisory: OSV:GHSA-CR6J-3JP9-RW65...
Security Bulletin: Apache Struts Vulnerability Can Affect IBM Sterling Order Management (CVE-2018-11776)
Summary IBM Sterling Order Management uses Apache Struts 2 and is affected by some of the vulnerabilities that exist in Apache Struts 2 Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error...
Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer
Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental Score:...
Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center
Summary Public disclosed vulnerability CVE-2018-11776 from Apache Struts affects IBM Platform Application Center. Vulnerability Details CVEID: CVE-2018-11776 DESCRIPTION: Apache Struts namespace code execution CVSS Base Score: 9.8 CVSS Temporal Score: See for the current score CVSS Environmental...
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Apache Struts 2 Namespace Redirect OGNL Injection Exploit
This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in th...
Apache Struts 2 Namespace Redirect OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...
Cisco Identity Services Engine Struts2 Namespace Vulnerability
According to its self-reported version, the Cisco Identity Services Engine Software is affected by a struts2 namespace vulnerability. Please see the included Cisco BID and the Cisco Security Advisory for more information. TRUSTED...