piesecurity - Security Researcher - Exploit Intelligence Platform

CVE-2018-11776 NOMISEC HIGH WORKING POC

Apache Struts 2 Namespace Redirect OGNL Injection

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

123 stars

CVSS 8.1

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-5638 GITLAB CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code

CVE-2017-1000486 NOMISEC CRITICAL STUB

Primefaces Remote Code Execution Exploit

Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution

CVSS 9.8

View Code

CVE-2017-5638 NOMISEC CRITICAL WORKING POC

Apache Struts < 2.3.32 - Improper Exception Handling

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.

CVSS 9.8

View Code