Meder Kydyraliev

9 exploits Active since Aug 2007
CVE-2010-1870 METASPLOIT ruby WORKING POC
Apache Struts 2.0.0-2.1.8.1 - Remote Code Execution via OGNL Context Variable Manipulation
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
CVE-2011-3923 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVSS 9.8
CVE-2010-1622 EXPLOITDB text WRITEUP
Oracle Fusion Middleware < 2.5.7 - Code Injection
SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before 2.5.7.SR01, and 3.0.x before 3.0.3 allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
CVE-2010-1870 EXPLOITDB text WORKING POC
Apache Struts 2.0.0-2.1.8.1 - Remote Code Execution via OGNL Context Variable Manipulation
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
CVE-2007-4385 EXPLOITDB java WORKING POC
OWASP Stinger < 2.4 - Input Validation Bypass via Multipart Encoding
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
CVE-2008-6504 EXPLOITDB text WORKING POC
OpenSymphony XWork 2.0.x < 2.0.6 and 2.1.x < 2.1.2 - Remote Code Execution via OGNL Context Object Reference
ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
CVE-2010-1870 EXPLOITDB ruby WORKING POC
Apache Struts 2.0.0-2.1.8.1 - Remote Code Execution via OGNL Context Variable Manipulation
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
CVE-2011-3923 EXPLOITDB CRITICAL ruby WORKING POC
Apache Struts <2.3.1.2 - Command Injection
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVSS 9.8
EIP-2026-102515 EXPLOITDB text WRITEUP
OpenCMS 6.0/6.2 - Multiple Unauthorized Access Vulnerabilities