This Metasploit module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module.
This Metasploit module exploits a vulnerability in the history component of TWiki. By passing a 'rev' parameter containing shell metacharacters to the TWikiUsers script, an attacker can execute arbitrary OS commands.
This Metasploit module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands.
SpiderLabs has documented view state tampering vulnerabilities in three products from separate vendors. Microsoft ASP.Net version 3.5, Apache MyFaces versions 1.2.8 and 1.2.7, and Sun Microsystems Mojarra versions 1.2_14 and 2.0.2 are all vulnerable.