CVE-2017-9805.zip
2.2 KB
CVE-2017-9805
Author: Fl5xia
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
GitHub Link:
https://github.com/Fl5xia/CVE-2017-9805
Author: Fl5xia
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
GitHub Link:
https://github.com/Fl5xia/CVE-2017-9805
CVE-2012-2982.zip
2.2 KB
CVE-2012-2982
Author: JRrooot
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
GitHub Link:
https://github.com/JRrooot/CVE-2012-2982-Webmin-RCE
Author: JRrooot
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
GitHub Link:
https://github.com/JRrooot/CVE-2012-2982-Webmin-RCE
CVE-2026-21440.zip
5 KB
CVE-2026-21440
Author: Ashwesker
None
GitHub Link:
https://github.com/Ashwesker/Ashwesker-CVE-2026-21440
Author: Ashwesker
None
GitHub Link:
https://github.com/Ashwesker/Ashwesker-CVE-2026-21440
CVE-2025-55182
Author: MyCompanyOrganization
None
GitHub Link:
https://github.com/MyCompanyOrganization/React2Shell-Kingdom
Author: MyCompanyOrganization
None
GitHub Link:
https://github.com/MyCompanyOrganization/React2Shell-Kingdom
CVE-2016-1000027
Author: aim-sec
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
GitHub Link:
https://github.com/aim-sec/CVE-2016-1000027-with-c3p0
Author: aim-sec
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
GitHub Link:
https://github.com/aim-sec/CVE-2016-1000027-with-c3p0