Lucene search
+L

152 matches found

NVD
NVD
added 2018/03/27 9:29 p.m.23 views

CVE-2018-1327

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...

7.5CVSS7.5AI score0.09224EPSS
Exploits1References7
OSV
OSV
added 2018/03/27 9:29 p.m.20 views

CVE-2018-1327

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here...

7.5CVSS7.8AI score
Exploits0References7
CVE
CVE
added 2018/03/27 9:0 p.m.114 views

CVE-2018-1327

CVE-2018-1327 affects the Apache Struts REST Plugin via the XStream deserialization path, enabling a remote DoS when a malicious XML payload is processed. The advisory chain shows that upgrading to Struts 2.5.16 and switching to the optional Jackson XML handler (or implementing a custom XML handl...

7.5CVSS7.4AI score0.09224EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2017/09/20 5:29 p.m.20 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

7.5CVSS7.5AI score0.0902EPSS
Exploits0References7
Prion
Prion
added 2017/09/20 5:29 p.m.28 views

Design/Logic Flaw

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

5CVSS7AI score0.99461EPSS
Exploits23References7Affected Software1
UbuntuCve
UbuntuCve
added 2017/09/20 5:29 p.m.33 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

7.5CVSS7.2AI score0.0902EPSS
Exploits0References2
OSV
OSV
added 2017/09/20 5:29 p.m.41 views

CVE-2017-9793

The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

7.5CVSS8.2AI score0.99461EPSS
Exploits23References7
ThreatPost
ThreatPost
added 2017/09/05 2:10 p.m.82 views

Patch Released for Critical Apache Struts Bug

The Apache Software Foundation has patched a critical remote code execution vulnerability affecting all versions of the popular application development framework Struts since 2008. All web applications using the framework’s REST plugin are vulnerable. Users are advised to upgrade their Apache...

10CVSS9.9AI score0.99999EPSS
Exploits66References9
RedhatCVE
RedhatCVE
added 2017/09/05 1:48 p.m.32 views

CVE-2017-9793

A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload...

7.5CVSS3.3AI score0.0902EPSS
Exploits0References2
0day.today
0day.today
added 2017/08/22 12:0 a.m.24 views

Sync Breeze Enterprise 9.9.16 Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title : Sync Breeze Enterprise 9.9.16 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : email protected Website : www.pyramidcyber.com Discovery Date : 21/08/2017 Software Link :...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2017/04/05 1:10 p.m.162 views

Adobe: Parameter tampering can result in product price manipulation

Parameters set during the shopping cart checkout workflow are vulnerable to tampering. By intercepting POST requests and manipulating the XML payload, product prices could be set to arbitrary values. P.O.C Video URL: https://youtu.be/3VMlV7jyzg...

1.4AI score
Exploits0
Hacker One
Hacker One
added 2015/12/11 3:39 a.m.46 views

Coinbase: XXE in OAuth2 Applications gallery profile App logo

upload svg photo XML based as App logo contain XML payload renamed to .jpg server start execute this XML payload or just watch this video "https://www.dropbox.com/s/wkba6f0wrax0wr8/xxe.mp4?dl=0" the same vulnerability was in https://www.coinbase.com/careers and reported by...

7.2AI score
Exploits0
Rows per page
Query Builder