Quantcast
Channel: Files from Alvaro Munoz ≈ Packet Storm
Browsing all 9 articles
Browse latest View live

Spring Framework XXE Injection

:0
:0
August 23, 2013, 8:44 am

Spring Framework versions 3.x and 4.x suffer from an XML external entity (XXE) injection vulnerability.

View Article
Search

Nexus Repository Manager 3.21.1-01 Remote Code Execution

:0
:0
April 16, 2020, 8:37 am

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

View Article

Apache OFBiz XML-RPC Java Deserialization

:0
:0
August 17, 2020, 10:38 am

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

View Article

Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization

:0
:0
October 20, 2020, 1:31 pm

This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload (RAU) component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the...

View Article

Apache Struts 2 Forced Multi OGNL Evaluation

:0
:0
December 24, 2020, 9:31 am

The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will...

View Article

Apache OFBiz XML-RPC Java Deserialization

:0
:0
March 12, 2021, 8:25 am

This Metasploit module exploits a Java deserialization vulnerability in Apache OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for versions prior to 17.12.04.

View Article

Apache OfBiz 17.12.01 Remote Command Execution

:0
:0
August 4, 2021, 6:47 am

Apache OfBiz version 17.12.01 exploit that achieves remote command execution via unsafe deserialization of XMLRPC arguments.

View Article

Apache Storm Nimbus 2.2.0 Command Execution

:0
:0
November 19, 2021, 8:44 am

This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method method takes a single argument...

View Article
Search

Apache Commons Text 1.9 Remote Code Execution

:0
:0
January 19, 2024, 7:24 am

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead...

View Article
Browsing all 9 articles
Browse latest View live
More Pages to Explore .....
Search

Latest Images

Eco Data 4/26/24

Eco Data 4/26/24

April 25, 2024, 5:00 pm
‘Pay day every day’ may become Shangri-La Group, BPOs’ secret to happy employees

‘Pay day every day’ may become Shangri-La Group, BPOs’ secret to happy employees

April 25, 2024, 5:51 am
Nonprofit donates custom home in this East Bay city for Marine injured in...

Nonprofit donates custom home in this East Bay city for Marine injured in...

April 23, 2024, 7:00 am
New private rooms on Tokaido Shinkansen change the way we travel from Tokyo...

New private rooms on Tokaido Shinkansen change the way we travel from Tokyo...

April 22, 2024, 6:00 am
Ukraine bans military from online gambling amid addiction concerns

Ukraine bans military from online gambling amid addiction concerns

April 22, 2024, 5:17 am
ಮಂಡ್ಯದಿಂದ ಸುಮಲತಾ ದೂರ; ಹೆಚ್‌ಡಿಕೆ ಪರ ಪ್ರಚಾರಕ್ಕಿಳಿಯದ ಸಂಸದೆ –ಬರ್ತಾರೆ ನೋಡೋಣ ಎಂದ...

ಮಂಡ್ಯದಿಂದ ಸುಮಲತಾ ದೂರ; ಹೆಚ್‌ಡಿಕೆ ಪರ ಪ್ರಚಾರಕ್ಕಿಳಿಯದ ಸಂಸದೆ –ಬರ್ತಾರೆ ನೋಡೋಣ ಎಂದ...

April 20, 2024, 8:08 pm
OCBC Bank Singapore Offers Up to 2.8% p.a. Fixed Deposit Promotion from 21...

OCBC Bank Singapore Offers Up to 2.8% p.a. Fixed Deposit Promotion from 21...

April 20, 2024, 12:38 pm
National Poetry Month 2024: Maxine Starr

National Poetry Month 2024: Maxine Starr

April 19, 2024, 9:56 am
Vegan Chicken Pot Pie

Vegan Chicken Pot Pie

April 19, 2024, 9:18 am
Firefox UX: On Purpose: Collectively Defining Our Team’s Mission Statement

Firefox UX: On Purpose: Collectively Defining Our Team’s Mission Statement

April 19, 2024, 7:03 am