Andreas Nusser

8 exploits Active since Jan 2012
CVE-2012-0393 EXPLOITDB text WORKING POC
Apache Struts <2.3.1.1 - Code Injection
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
CVE-2012-0392 EXPLOITDB text WORKING POC
Apache Struts < 2.3.1.1 - Remote Code Execution via CookieInterceptor
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
CVE-2012-0391 EXPLOITDB CRITICAL text WORKING POC
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
CVSS 9.8
CVE-2012-0394 METASPLOIT ruby WORKING POC
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
CVE-2012-0391 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
CVSS 9.8
CVE-2012-0394 EXPLOITDB text WORKING POC
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
CVE-2012-0391 EXPLOITDB CRITICAL ruby WORKING POC
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
CVSS 9.8
CVE-2012-0394 EXPLOITDB ruby WORKING POC
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.