Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4431
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method....
Apache
Struts
6.5
CVSSv2
CVE-2012-1592
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files....
Apache
Struts
1 EDB exploit available
6.8
CVSSv2
CVE-2016-4430
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors....
Apache
Struts
7.5
CVSSv2
CVE-2014-0113
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE:...
Apache
Struts
1 EDB exploit available
2 Github repositories available
5.8
CVSSv2
CVE-2013-4310
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix....
Apache
Struts
1 Article available
4.3
CVSSv2
CVE-2016-2162
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display....
Apache
Struts
9.3
CVSSv2
CVE-2012-0392
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method....
Apache
Struts
1 EDB exploit available
4.3
CVSSv2
CVE-2005-3745
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message....
Apache
Struts
1 EDB exploit available
7.5
CVSSv2
CVE-2014-0112
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
3 Github repositories available
1 Article available
9.3
CVSSv2
CVE-2013-2251
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
31 Github repositories available
1 Article available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-0674
CVE-2020-7615
clink office
CVE-2017-18687
android
google
buffer overflow
communilink
spoof
CVE-2017-18691
CVE-2020-11512
CVE-2019-17026
cross-site scripting
« PREV
1
2
3
4
5
6
7
NEXT »
Vulmon