Apache ActiveMQ version 6.1.6 is prone to a Denial of Service (DoS) vulnerability. An attacker can exploit this vulnerability by sending specially crafted requests to the server, causing it to become unresponsive or crash.
Apache HugeGraph Server versions 1.2.0 and prior are vulnerable to remote code execution. By sending a crafted payload to the server, an attacker can execute arbitrary code on the target system.
The exploit allows remote attackers to execute arbitrary code on the target system by uploading a malicious payload to a specific URL and triggering it through a crafted request. This vulnerability is identified as CVE-2025-24813 affecting Apache Tomcat versions prior to 11.0.3, 10.1.35, and 9.0.98.
The exploit allows remote code execution in Apache Commons Text versions earlier than 1.10.0 by sending a malicious payload via a POST request. This exploit uses a script interpolator to execute arbitrary commands on the target system.
Apache OFBiz version 18.12.12 and below is vulnerable to directory traversal. An attacker can exploit this vulnerability by sending a crafted XML request to the '/webtools/control/xmlrpc' endpoint, allowing them to access files outside of the web root directory, such as sensitive system files like '/etc/passwd', or to execute commands on the server.
The exploit allows an attacker to execute remote code on the Karaf Console. By sending a crafted request, an attacker can open a reverse shell connection, giving them unauthorized access to the system. This vulnerability has been assigned the CVE identifier CVE-2023-XXXXX.
This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITEPATH to be set accurately. In addition, the target must have 'RewriteEngine on' configured, with a specific 'RewriteRule' condition enabled to allow for exploitation. The flaw affects multiple platforms; however, this module currently only supports Windows-based installations.
The Apache mod_php module is prone to a vulnerability that may allow a local attacker to gain access to privileged file descriptors. This vulnerability can be exploited by a local attacker to pose as a legitimate server and potentially steal or manipulate sensitive information.
Remote attackers can view directory contents and disclose the contents of files by exploiting the vulnerability in Apache Tomcat.
This script generates payloads to exploit hash collision vulnerabilities in various servers including Apache Geronimo, Oracle Glassfish, PHP, and Apache Tomcat. It can be used to make multiple requests to a server without waiting for a response, potentially causing a denial of service. The payload length, collision character length, and number of collision characters can be customized.