Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
Max CVSS
9.8
EPSS Score
5.87%
Published
2016-10-25
Updated
2022-07-25
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
Max CVSS
7.2
EPSS Score
1.65%
Published
2016-09-27
Updated
2023-02-12
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a crafted serialized object in a JMS ObjectMessage that is handled by the getObject function.
Max CVSS
7.5
EPSS Score
1.07%
Published
2016-07-13
Updated
2018-10-09
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
Max CVSS
9.8
EPSS Score
6.68%
Published
2016-07-04
Updated
2019-08-12

CVE-2016-4437

Known exploited
Public exploit
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Max CVSS
8.1
EPSS Score
97.48%
Published
2016-06-07
Updated
2018-10-09
CISA KEV Added
2021-11-03

CVE-2016-3087

Public exploit
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Max CVSS
9.8
EPSS Score
46.49%
Published
2016-06-07
Updated
2019-08-12
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Max CVSS
10.0
EPSS Score
95.90%
Published
2016-04-26
Updated
2016-11-28

CVE-2016-3081

Public exploit
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Max CVSS
9.3
EPSS Score
97.52%
Published
2016-04-26
Updated
2019-08-12
The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) ODP or (2) OTP file.
Max CVSS
7.8
EPSS Score
1.05%
Published
2016-08-05
Updated
2017-09-01
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
Max CVSS
8.1
EPSS Score
2.73%
Published
2016-07-04
Updated
2020-07-15
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Max CVSS
9.0
EPSS Score
1.73%
Published
2016-04-12
Updated
2019-08-23
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Max CVSS
8.8
EPSS Score
0.25%
Published
2016-08-19
Updated
2016-08-22
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
Max CVSS
8.8
EPSS Score
0.73%
Published
2016-02-25
Updated
2023-12-08

CVE-2016-0709

Public exploit
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp."
Max CVSS
9.0
EPSS Score
23.92%
Published
2016-04-11
Updated
2016-04-20
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.
Max CVSS
8.0
EPSS Score
94.96%
Published
2016-04-14
Updated
2019-02-12
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
Max CVSS
9.0
EPSS Score
94.36%
Published
2016-01-08
Updated
2017-07-01
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Max CVSS
9.8
EPSS Score
3.86%
Published
2016-01-08
Updated
2019-12-17
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!