Page 9 of 63 results (0.034 seconds)

CVSS: 9.3EPSS: 94%CPEs: 1EXPL: 0

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. Apache Struts 2 anterior a v2.3.14.3 permite a atacantes remotos ejecutar código OGNL arbitrario mediante una solicitud con un valor especialmente diseñado que contiene las secuencias "${}" y "%{}", lo que produce que el código OGNL sea evaluado dos veces. • http://struts.apache.org/development/2.x/docs/s2-015.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/64758 https://cwiki.apache.org/confluence/display/WW/S2-015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 95%CPEs: 1EXPL: 1

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. Apache Struts 2 anterior a 2.3.14.3 permite a atacantes remotos la ejecución arbitraria de código OGNL a través de peticiones con un nombre de acción manipulado que no es manejado correctamente durante la comparación de comodines. Vulnerabilidad distinta de CVE-2013-2135. • https://www.exploit-db.com/exploits/38549 http://security.gentoo.org/glsa/glsa-201409-04.xml http://struts.apache.org/development/2.x/docs/s2-015.html http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/60346 http://www.securityfocus.com/bid/64758 https://cwiki.apache.org/confluence/display/WW/S2-015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. Apache Struts Showcase App versiones 2.0.0 hasta 2.3.13, como es usado en Struts versiones 2 anteriores a 2.3.14.3, permite a atacantes remotos ejecutar código OGNL arbitrario por medio de un nombre de parámetro diseñado que no es manejado apropiadamente cuando se invoca un redireccionamiento. • https://github.com/cinno/CVE-2013-1965 http://struts.apache.org/development/2.x/docs/s2-012.html http://www.securityfocus.com/bid/60082 https://bugzilla.redhat.com/show_bug.cgi?id=967655 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 1

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. Apache Struts versiones 2 anteriores a 2.3.14.2, permite a atacantes remotos ejecutar código OGNL arbitrario por medio de una petición diseñada que no es manejada apropiadamente cuando usa el atributo includeParams en la etiqueta (1) URL o (2) A. • https://www.exploit-db.com/exploits/25980 http://struts.apache.org/development/2.x/docs/s2-013.html http://www.securityfocus.com/bid/60166 https://bugzilla.redhat.com/show_bug.cgi?id=967656 https://cwiki.apache.org/confluence/display/WW/S2-013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. Apache Struts 2 anterior a 2.3.14.2, permite a atacantes remotos ejecutar código OGNL a través de una petición manipulada que no es manejada adecuadamente cuando se usa el atributo includeParams en la (1)URL o la (2) etiqueta A. NOTA: esta cuestión se debe a una corrección incorrecta del CVE-2013-1966. • https://www.exploit-db.com/exploits/25980 http://struts.apache.org/development/2.x/docs/s2-014.html http://www.securityfocus.com/bid/60167 https://bugzilla.redhat.com/show_bug.cgi?id=967656 https://cwiki.apache.org/confluence/display/WW/S2-014 • CWE-94: Improper Control of Generation of Code ('Code Injection') •