Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

During an incident response performed by Kasperskys Global Emergency Response Team GERT and GReAT, we uncovered a novel multiplatform threat named "NKAbuse". The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +223 more potentially affected by CVE-2016-4436 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.28.1)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2016-4436 Source advisory: OSV:GHSA-XM92-V2MQ-842Q...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +298 more potentially affected by CVE-2019-0230 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.20)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2019-0230 Source advisory: OSV:GHSA-WP4H-PVGW-5727...

UPDATE: Infection Monkey 1.6.1

PenTestIT RSS Feed I'm sure you must have read my previous post title the List of Adversary Emulation Tools. In that post, I briefly mentioned about the Guardicore Infection Monkey. Good news now is that it has been updated! We now have Infection Monkey 1.6.1. An important change about this versi...

cc.fozone.struts2:StreamResultX (=1.2), com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (>=1.5.3 <=2.4.0) +183 more potentially affected by CVE-2017-5638 via org.apache.struts:struts2-core (>=2.3.1 <=2.3.31)

org.apache.struts:struts2-core MAVEN version =2.3.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.2.2, =1.4.1, =1.5.5, =1.7.4 and more Source cves: CVE-2017-5638 Source advisory: OSV:GHSA-J77Q-2QQG-6989...

Exploit for CVE-2018-11776

Vulnerable docker container for CVE-2018-11776 docker...

Exploit for CVE-2018-11776

CVE-2018-11776-Python-PoC hook-s3c github.com/hook-s3c, @hoo...

Apache Struts2 S2-053 Remote Code Execution Vulnerability

Struts2 is the Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 suffers from a S2-053 remote code execution vulnerability that causes an attacker to remotely execute a code attack when a...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Apache-Struts-2-CVE-2017-5638-Exploit This exploit exploits th...

Struts2 Remote Command Execution Vulnerability in Sinosoft's B2B Platform

Sinosoft B2B platform provides business-to-business e-commerce, i.e., the exchange of products, services and information between enterprises through the Internet. The platform has a Struts2 remote command execution vulnerability. An attacker can exploit the vulnerability to remotely execute...

用友软件旗下一网站存在一个Struts2漏洞可拿服务器

简要描述： 用友软件旗下一网站存在一个Struts2漏洞可拿服务器。主要因为漏洞不及时打上，账户权限过大。 详细说明： 今天闲来无事，在网上随意点了几下，发下了个漏洞。 存在漏洞的网址：http://pu.yonyouup.cn/login!loginIndexPage.action 漏洞证明： 首先，这是存在漏洞的网页：http://pu.yonyouup.cn/ 点进去后，会跳转到http://pu.yonyouup.cn/login!loginIndexPage.action ，于是我就猜想，是不是存在Struts2漏洞呢？就试了一下。 结果如图：...

Struts2 S2-0 2 0 in Tomcat 8 under command to perform the analysis-vulnerability warning-the black bar safety net

The Struts S2-0 2 0 this notice has been published for some time. Now we all know this vulnerability can cause a DOS, file downloads and other hazards, believe that the major manufacturers also have taken appropriate security measures. Today is to share with you about this vulnerability a little...

Apache Archiva 1.3.6 => Remote Command Execution Vulnerability

Exploit for multiple platform in category web applications Apache Archiva 1.3.6 = Remote Command Execution Author: Kacper Contact: infoatdevilteam.pl Home Page: https://devilteam.pl/ Vendor: http://archiva.apache.org/ Dork: "Apache Archiva \ Browse Repository" Description: Apache Archiva use Apac...

AWS Elastic Beanstalk Code Execution

Form:http://en.wooyun.org/bugs/wooyun-2013-040 Abstract£º AWS Elastic Beanstalk is an even easier way for you to quickly deploy and manage applications in the AWS cloud. elasticbeanstalk subdomain exists Struts2 code execution . Details£º poc return /ok:...

Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of the idea-vulnerability warning-the black bar safety net

0×0 1 Summary 0×0 2 background and principles of analysis 0×0 3 example simulation and tracking 0×0 4 Summary 0×0 1 Summary: In the Ognl expression, will be the brackets“”contains the variable content as a Ognl expression execution. Ognl expressions of this characteristic, triggering a new attack...