13 results (0.008 seconds)

CVSS: 9.3EPSS: 97%CPEs: 13EXPL: 13

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. Apache Struts, desde la versión 2.3 hasta la 2.3.34 y desde la versión 2.5 hasta la 2.5.16, sufre de una posible ejecución remota de código cuando el valor de alwaysSelectFullNamespace es "true" (establecido por el usuario o por un plugin como Convention Plugin). Además, los resultados se emplean sin ningún espacio de nombres y, al mismo tiempo, el paquete superior no tiene espacio de nombres o contiene caracteres comodín. De manera similar a como pasa con los resultados, existe la misma posibilidad al emplear la etiqueta url, que no tiene un valor y acción definidos y, además, su paquete superior no tiene espacio de nombres o contiene caracteres comodín. Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. • https://www.exploit-db.com/exploits/45260 https://www.exploit-db.com/exploits/45367 https://www.exploit-db.com/exploits/45262 https://github.com/hook-s3c/CVE-2018-11776-Python-PoC https://github.com/xfox64x/CVE-2018-11776 https://github.com/bhdresh/CVE-2018-11776 https://github.com/jiguangsdf/CVE-2018-11776 https://github.com/brianwrf/S2-057-CVE-2018-11776 https://github.com/knqyf263/CVE-2018-11776 https://github.com/cucadili/CVE-2018-11776 https://github.co •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Policy Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Policy Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Policy Management accessible data as well as unauthorized read access to a subset of Oracle Communications Policy Management accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101425 http://www.securitytracker.com/id/1039590 •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/99722 http://www.securitytracker.com/id/1038928 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/security/cve/CVE-2017-3633 https://bugzilla.redhat.com/show_bug.cgi?id=1472683 •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.23 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securityfocus.com/bid/74081 http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •

CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. Vulnerabilidad no especificada en Oracle MySQL Server 5.6.22 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con Optimizer. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032121 https://security.gentoo.org/glsa/201507-19 •