Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
struts vulnerabilities and exploits
4.3
CVSSv2
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is...
Apache
Struts
4.3
CVSSv2
CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to...
Apache
Struts
1 EDB exploit available
9.3
CVSSv2
CVE-2013-1966
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
4 Github repositories available
6.8
CVSSv2
CVE-2017-9805
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads....
Apache
Struts
1 EDB exploit available
1 Metasploit module available
60 Github repositories available
12 Articles available
7.5
CVSSv2
CVE-2006-1546
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do...
Apache
Struts
1 Github repository available
6.8
CVSSv2
CVE-2012-0394
** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
6.8
CVSSv2
CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session...
Apache
Struts
5
CVSSv2
CVE-2008-6505
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2)...
Apache
Struts
1 EDB exploit available
6.4
CVSSv2
CVE-2012-0393
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object....
Apache
Struts
1 EDB exploit available
10
CVSSv2
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type,...
Apache
Struts
2 EDB exploits available
1 Metasploit module available
74 Github repositories available
12 Articles available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-20398
CVE-2019-19363
CVE-2020-7939
zonedirector 1200 firmware
CVE-2020-0601
information disclosure
CVE-2011-3622
libyang
path traversal
type confusion
CVE-2007-6758
ruckuswireless
cesnet
« PREV
1
2
3
4
5
6
7
8
9
NEXT »
Vulmon