
8 matches found

CNVD
added 2017/08/28 12:0 a.m., 2 views

FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-26444)

FineCms is a content management system (CMS) developed using an MVC architecture and the PDO database interface. A cross-site scripting vulnerability exists in the controllers/member/api.php file in FineCms version 5.0.11. A remote attacker can exploit this vulnerability to inject arbitrary Web script or...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00781
Exploits: 0, References: 1
myhack58
added 2017/04/14 12:0 a.m., 51 views

TYPO3 CMS news management module SQL injection vulnerability analysis with exp-a vulnerability warning-the black bar safety net

Foreword: By sending orderByAllowed and orderBy via POST, we can control part of the SQL statement and obtain an injection vulnerability. Body: The news module is one of the most commonly used modules of TYPO3 (the Typo3 content management system), and now will be subject to SQL...

AI score: 0.4
Exploits: 0
Packet Storm
added 2017/04/05 12:0 a.m., 62 views

HelpDEZK 1.1.1 CSRF / Code Execution

Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1; Date: 05-April-2017; Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy; Vendor Homepage: http://www.helpdezk.org/; Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1...

AI score: 8.8, EPSS: 0.03487
Exploits: 6
Saint
added 2017/03/16 12:0 a.m., 91 views

Apache Struts 2 Jakarta Multipart Parser file upload command execution

Added: 03/16/2017. CVE: CVE-2017-5638. BID: 96729. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: The Jakarta...

CVSS: 10, AI score: 10, EPSS: 0.99999
Exploits: 44
Saint
added 2016/05/06 12:0 a.m., 63 views

Apache Struts Dynamic Method Invocation command execution

Added: 05/06/2016. CVE: CVE-2016-3081. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. The Dynamic Method Invocation...

CVSS: 9.3, AI score: 8.3, EPSS: 0.9416
Exploits: 12
Saint
added 2012/08/02 12:0 a.m., 50 views

Apache Struts 2 ConversionErrorInterceptor Java Injection

Added: 08/02/2012. CVE: CVE-2012-0391. OSVDB: 78277. Background: Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem: Struts uses...

CVSS: 9.8, AI score: 8.8, EPSS: 0.75071
Exploits: 11
myhack58
added 2011/09/01 12:0 a.m., 14 views

VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net

By emptiness prodigal heart. Velocity is the most commonly used presentation-layer template in J2EE MVC architectures; because of its excellent performance, a great many J2EE applications use this template. In use it is usually bound to another framework, the most common being struts2,...

AI score: 0.2
Exploits: 0
Check Point Advisories
added 2009/10/04 12:0 a.m., 7 views

Apache Struts Classes Directory Traversal (CVE-2008-6505)

Apache Struts is a Java-based web application development framework. Unlike JSP and Servlets, Struts encourages good application design by enforcing an MVC (Model-View-Controller) architecture for separation of concerns, such as business logic (Model) from web-page design (View) and navigational code...

CVSS: 5, AI score: 6.9, EPSS: 0.72522
Exploits: 0