281 matches found
com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (=2.4.0), com.amashchenko.struts2.actionflow:struts2-actionflow-showcase (=2.4.0) +68 more potentially affected by CVE-2016-3081 via org.apache.struts:struts2-core (>=2.3.1.1 <=2.3.20.1)
org.apache.struts:struts2-core MAVEN version =2.3.1.1, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.1.0, =1.1.0, =2.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-grid-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-mobile-plugin...
org.apache.struts:struts2-apps (=2.3.28), org.apache.struts:struts2-assembly (=2.3.28) +39 more potentially affected by CVE-2016-3087 via org.apache.struts:struts2-core (=2.3.28)
org.apache.struts:struts2-core MAVEN version =2.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts2-core and may be impacted: - org.apache.struts:struts2-apps =2.3.28 - org.apache.struts:struts2-assembly =2.3.28 -...
com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (>=2.5.1 <=4.0.1), com.jgeppert.struts2.jquery:struts2-jquery-grid-showcase (=4.0.3) +11 more potentially affected by CVE-2016-6795 via org.apache.struts:struts2-convention-plugin (>=2.5.1 <=2.5.33)
org.apache.struts:struts2-convention-plugin MAVEN version =2.5.1, =2.5.1, =1.0.0, =1.0.0, =1.0.0, =8.5.5-8.5.5-20220801, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.33 Source cves: CVE-2016-6795 Source advisory: OSV:GHSA-44HV-JJX7-QFJG...
com.github.kaitoy.sneo:giane (>=1.2.0 <=1.2.3), com.googlecode.struts2-conversation:struts2-conversation-scope-plugin (=1.3.1) +13 more potentially affected by CVE-2016-6795 via org.apache.struts:struts2-convention-plugin (>=2.3.1 <=2.3.30)
org.apache.struts:struts2-convention-plugin MAVEN version =2.3.1, =1.2.0, =1.1.0, =3.3.0, =3.3.0, =2.3.1, =2.3.1, =2.3.1, =2.3.1, =3.0.0, =4.0.0, =1.0, =1.2.2, =1.3.5 Source cves: CVE-2016-6795 Source advisory: OSV:GHSA-44HV-JJX7-QFJG...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +214 more potentially affected by CVE-2016-0785 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.20.1)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2016-0785 Source advisory: OSV:GHSA-876P-4WGC-75RX...
br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-2115 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)
org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-2115 Source advisory: OSV:GHSA-7GHM-RPC7-P7G5https://vulners.com/osv/OSV:GHSA-7GHM...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +133 more potentially affected by CVE-2013-2251 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.15)
org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 - com.google.inject.integration:guice-struts2-plugin =1.0 - com.googlecode.rapid-framework:rapid-core =4.0 and more Source cves:...
ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0393 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)
org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0393 Source advisory: OSV:GHSA-HXQQ-W4MR-MC62...
ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +63 more potentially affected by CVE-2012-0391 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.3)
org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.0, =0.9.2, =0.9.0, =0.9.1 - io.forestframework:guice-struts2 =5.0.1.1 and more Source cves: CVE-2012-0391 Source advisory: OSV:GHSA-4WRR-9H5R-M92W...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +80 more potentially affected by CVE-2012-0392 via org.apache.struts:struts2-core (>=2.0.5 <=2.2.3)
org.apache.struts:struts2-core MAVEN version =2.0.5, =1.2.1, =0.6, =3.0, =2.4.0, =2.1.0, =3.1.1 and more Source cves: CVE-2012-0392 Source advisory: OSV:GHSA-2PPP-XJ34-VVF7...
Unrestricted Upload of File with Dangerous Type in Apache Struts2
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22...
GHSA-8M5Q-CRQQ-6PMF Unrestricted Upload of File with Dangerous Type in Apache Struts2
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 PoC for CVE-2021-31805 Apache Struts2 CVE-20...
Exploit for Expression Language Injection in Apache Struts
Struts2S2-062CVE-2021-31805 Apache Struts2 S2-062 remote c...
Exploit for Expression Language Injection in Apache Struts
CVE-2021-31805 Remote code execution S2-062 CVE-2021-31805...
be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +301 more potentially affected by CVE-2021-31805 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.29)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2021-31805 Source advisory: OSV:GHSA-V8J6-6C2R-R27C...
Metasploit Wrap-Up
Log4Shell - Log4j HTTP Scanner Versions of Apache Log4j impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP endpoint for the...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4JExploitation-VulnerabiliyCVE-2021-44228. !Untitled...
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution RCE and complete server takeover — and it’s being exploited in the wild. The flaw first turned up on sites that cater to users of the world’s favorite game,...
Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
Table of Contents Overview Affected versions Mitigation and detection guidance Rapid7 customers InsightVM and Nexpose InsightIDR and Managed Detection and Response Velociraptor tCell InsightCloudSec IntSights Attacks and campaigns External resources Updates Need clarity on detecting and mitigatin...