ZCMS 1.1 Cross Site Scripting / SQL Injection Vulnerabilities
ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor:...
ZCMS SQL Injection & Persistent XSS
Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor: http://zencherry.com/ http://sourceforge.net/projects/zencherrycms Product:...
ZCMS 1.1 - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link:...
ZCMS 1.1 - Multiple Vulnerabilities
Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link: sourceforge.net/projects/zencherrycms Version: 1.1 Tested on:...
ZCMS 1.1 - Multiple Vulnerabilities
ZCMS 1.1 - Multiple Vulnerabilities Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link:...
RedHat Update for tomcat RHSA-2015:0983-01
The remote host is missing an update for the Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CentOS 7 : tomcat (CESA-2015:0983)
Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from...
RHEL 6 : tomcat6 (RHSA-2015:0991)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0991 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was discovered that the ChunkedInputFilter in...
Multiple IBM Rational Products Jazz Help System Information Disclosure Vulnerabilities
IBM Rational CLM, Rational Team Concert RTC, and Rational Engineering Lifecycle Manager are collaborative lifecycle management solutions; Rational Quality Manager RQM is a set of collaborative, Web-based quality management solutions; Rational Requirements Composer and Rational DOORS Next Generati...
[SECURITY] Fedora 21 Update: tomcat-7.0.59-1.fc21
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
[ANN] Apache Struts 2.3.20 GA release available with security fix
The Apache Struts group is pleased to announce that Apache Struts 2.3.20 is available as a "General Availability" release. The GA designation is our highest quality grade. Apache Struts 2 is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework is...
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...
Apache Warns of Tomcat Remote Code Execution Vulnerability
Some older versions of the open source Apache Tomcat web server and servlet container are vulnerable to remote code execution. In what Mark Thomas, a longtime Apache Tomcat committer, calls “limited circumstances,” a user could upload malicious JavaServer Pages JSP to a server running Tomcat, an...
[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20
Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages JSP technology. Struts encourages application architectures based on the Model-View-Controller MVC design paradigm,...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...
Low: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from the...
RHEL 7 : tomcat (RHSA-2014:0686)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0686 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. It was found that a fix for a previous...
Moderate: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4575/info Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies. Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows. Apache Tomcat ships with a...
Apache Tomcat 5.5.25 - CSRF Vulnerabilities
No description provided by source. Exploit Title : Apache Tomcat 5.5.25 CSRF Vulnerabilities Date : 10-24-2013 Author : Ivano Binetti http://ivanobinetti.com Author :...