Vulmon
webwork vulnerabilities and exploits
6.5
CVSSv2
CVE-2006-0446
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged malicious users to execute arbitrary commands as the web server via unknown attack vectors.
Webwork Webwork 2.1.3
Webwork Webwork 2.2-pre1
6.4
CVSSv2
CVE-2006-2839
Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and previous versions allows remote malicious users to read and write files outside of the templates directory.
Webwork Webwork
7.5
CVSSv2
CVE-2006-6629
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language prior to 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows malicious users to load arbitrary macro files whose names contain the strings (1) dangero...
Webwork Program Generation Language
5
CVSSv2
CVE-2011-2088
XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote malicious users to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerabil...
Opensymphony Xwork 2.2.1
Apache Struts 2.2.1
Opensymphony Xwork -
Opensymphony Webwork -
2.6
CVSSv2
CVE-2011-1772
Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x prior to 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote malicious users to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute...
Apache Struts 2.0.8
Apache Struts 2.0.6
Apache Struts 2.0.13
Apache Struts 2.0.12
Apache Struts 2.0.10
Apache Struts 2.0.0
Apache Struts 2.0.11.2
Apache Struts 2.0.11.1
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.0.4
Apache Struts 2.0.7
Apache Struts 2.2.1.1
Apache Struts 2.0.11
Apache Struts 2.0.9
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.1.8.1
Apache Struts 2.0.2
Apache Struts 2.0.5
1 EDB exploit
7.5
CVSSv2
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from ve...
Atlassian Confluence Server
Atlassian Confluence Data Center
46 Github repositories
2 Articles
6.8
CVSSv2
CVE-2008-6531
The WebWork 1 web application framework in Atlassian JIRA prior to 3.13.2 allows remote malicious users to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
Atlassian Jira
4.3
CVSSv2
CVE-2019-14998
The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote malicious users to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.
Atlassian Jira Server
6.8
CVSSv2
CVE-2007-4556
Struts support in OpenSymphony XWork prior to 1.2.3, and 2.x prior to 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote malicious users to cause a de...
Opensymphony Xwork
7.5
CVSSv2
CVE-2017-16861
It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Cr...
Atlassian Fisheye
Atlassian Crucible