Spring Framework XXE Injection
Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.
Nexus Repository Manager 3.21.1-01 Remote Code Execution
This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.
Apache OFBiz XML-RPC Java Deserialization
This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the...
Apache Struts 2 Forced Multi OGNL Evaluation
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to Struts that will...
Apache OFBiz 17.12.01 Remote Command Execution
Apache OFBiz version 17.12.01 exploit that achieves remote command execution via unsafe deserialization of XMLRPC arguments.
Apache Storm Nimbus 2.2.0 Command Execution
This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument...
Apache Commons Text 1.9 Remote Code Execution
This Metasploit module takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead...