5 matches found
EUVD-2017-8035
Malware in sbrugna...
SUSE CVE-2019-0230
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...
Apache Struts 2.5.20 Double OGNL Evaluation
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Date: 08/18/2020 Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity,...
Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785)
Summary An Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double OGNL evaluation of attribute values. By...
Design/Logic Flaw
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this vulnerability to execute Java code of their...