92 matches found
XWork in Apache Struts Reveals Sensitive Information
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....
berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=20050725.114415 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)
opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =20050725.114415, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...
OpenSymphony XWork vulnerable to improper input validation
XWork is an command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language OGNL expression...
Atlassian Jira < 8.13.18 / 8.14.x < 8.20.6 / 8.21.x Authentication Bypass in Seraph (JRASERVER-73650)
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is affected by an authentication bypass vulnerability. Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to bypass authentication and...
Vulnerability fixed in Jira Seraph
A vulnerability has been fixed in Jira Seraph, the web framework used for authentication within Jira. The vulnerability allows a remote malicious party to circumvent authentication bypass authentication by sending a specially prepared HTTP request to the server. The application is only vulnerable...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/multi/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Metasploit Wrap-Up
Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...
Atlassian Confluence WebWork OGNL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence WebWork OGNL Injection', 'Description' = %q This module exploits an OGNL injection in Atlassian Confluence's WebWork compone...
Atlassian Confluence WebWork OGNL Injection
This module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. Module Options msf use exploit/linux/http/atlassianconfluencewebworkognlinjection msf exploitatlassianconfluencewebworkognlinjection show targets ...targets... msf...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluen...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 - Confluence Server Webwork OGNL injection - A...
Confluence Server 7.12.4 OGNL Injection Remote Code Execution
Exploit Title: Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution RCE Unauthenticated Date: 01/09/2021 Exploit Author: h3v0x Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/confluence/download-archives Version: All 7.12.x versions befor...
webwork-community.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1135138 Security Researcher ELProfesor Helped patch 2791 vulnerabilities Received 8 Coordinated Disclosure badges Received 106 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting webwork-community.net...
webwork-community.net Cross Site Scripting vulnerability
Security Researcher haxmov Helped patch 543 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting webwork-community.net website and its users. Following...