Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache vulnerabilities and exploits
(subscribe to this query)
937
VMScore
CVE-2019-0232
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet i...
Apache Tomcat
Apache Tomcat 9.0.0
1 EDB exploit
8 Github repositories
936
VMScore
CVE-2016-3081
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote malicious users to execute arbitrary code via method: prefix, related to chained expressions.
Apache Struts 2.3.28
Apache Struts 2.3.4
Apache Struts 2.3.3
Apache Struts 2.3.15.1
Apache Struts 2.3.15
Apache Struts 2.3.1.1
Apache Struts 2.3.1
Apache Struts 2.1.6
Apache Struts 2.1.5
Apache Struts 2.0.7
Apache Struts 2.0.6
Apache Struts 2.0.12
Apache Struts 2.0.11.2
Apache Struts 2.3.24
Apache Struts 2.3.8
Apache Struts 2.3.16.2
Apache Struts 2.3.16.1
Apache Struts 2.3.16
Apache Struts 2.3.14.1
Apache Struts 2.3.14
Apache Struts 2.2.1.1
Apache Struts 2.2.1
1 EDB exploit
2 Github repositories
936
VMScore
CVE-2013-2251
Apache Struts 2.0.0 up to and including 2.3.15 allows remote malicious users to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Apache Struts 2.2.3.1
Apache Struts 2.3.4
Apache Struts 2.3.14.1
Apache Struts 2.0.8
Apache Struts 2.1.2
Apache Struts 2.0.14
Apache Struts 2.1.8.1
Apache Struts 2.2.1.1
Apache Struts 2.0.1
Apache Struts 2.0.3
Apache Struts 2.3.12
Apache Struts 2.3.1.2
Apache Struts 2.0.11.1
Apache Struts 2.3.14.3
Apache Struts 2.3.15
Apache Struts 2.2.1
Apache Struts 2.1.3
Apache Struts 2.1.0
Apache Struts 2.1.8
Apache Struts 2.0.0
Apache Struts 2.3.1
Apache Struts 2.3.7
1 EDB exploit
4 Github repositories
935
VMScore
CVE-2020-8655
An issue exists in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
Eyesofnetwork Eyesofnetwork 5.3-0
1 EDB exploit
1 Github repository
935
VMScore
CVE-2015-7611
Apache James Server 2.3.2, when configured with file-based user repositories, allows malicious users to execute arbitrary system commands via unspecified vectors.
Apache James Server 2.3.2
1 EDB exploit
935
VMScore
CVE-2013-2134
Apache Struts 2 prior to 2.3.14.3 allows remote malicious users to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
Apache Struts
1 EDB exploit
935
VMScore
CVE-2013-1966
Apache Struts 2 prior to 2.3.14.2 allows remote malicious users to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
Apache Struts
1 EDB exploit
935
VMScore
CVE-2013-2115
Apache Struts 2 prior to 2.3.14.2 allows remote malicious users to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
Apache Struts
1 EDB exploit
935
VMScore
CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Georg Greve Spamassassin Milter Plugin 0.3.1
1 EDB exploit
935
VMScore
CVE-2007-2079
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and previous versions for Windows uses untrusted input for the database server hostname, which allows remote malicious users to trigger a library buffer overflow and execute arbitrary code via a long host paramete...
Xampp Apache Distribution
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »