PayloadsAllTheThings/CVE Exploits
2018-09-03 18:41:05 +02:00
..
Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
Apache Struts 2 CVE-2017-5638.py Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Apache Struts 2 CVE-2017-9805.py Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Apache Struts 2 CVE-2018-11776.py CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
Drupalgeddon2 CVE-2018-7600.rb CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
Heartbleed CVE-2014-0160.py Drupal exploit 2018-04-17 21:39:26 +02:00
README.md Refactoring XSS 0/? 2018-03-23 13:53:53 +01:00
Shellshock CVE-2014-6271.py Drupal exploit 2018-04-17 21:39:26 +02:00
Tomcat CVE-2017-12617.py CVE Apache Struts + XSS in Python Notebook 2018-08-28 18:48:26 +02:00
WebLogic CVE-2017-10271.py Linux Persistence + WebLogic RCE 2018-09-03 18:41:05 +02:00
WebLogic CVE-2018-2894.py Linux Persistence + WebLogic RCE 2018-09-03 18:41:05 +02:00

Common Vulnerabilities and Exposures

Big CVEs in the last 5 years.

CVE-2014-0160 - Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

CVE-2014-6271 - Shellshock

Shellshock, also known as Bashdoor is a family of security bug in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

CVE-2017-5638 - Apache Struts 2

On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header.

Thanks to