Xibo 1.2.2/1.4.1 - 'index.php?p' Directory Traversal

Exploit Title: Xibo Directory Traversal Vulnerability Exploit Author: Mahendra Date: 2 April 2013 Vendor homepage: http://xibo.org.uk References: http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-DS-2013-00 Affected Vendor: Spring Signage Ltd Affected...

Important: Red Hat Security Advisory: Red Hat JBoss Portal 5.2.2 security update

Red Hat JBoss Portal 5.2.2 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update

Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Security: Ability to determine if username is valid via DaoAuthenticationProvider

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...

Apache Rave 0.11 - 0.20 - User Information Disclosure Vulnerability

Exploit for multiple platform in category web applications CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via...

Apache Rave 0.11 0.20 - User Information Disclosure

Apache Rave 0.11 0.20 - User Information Disclosure CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the Us...

Apache Rave User Exposure

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Spring blast remote code execution vulnerability with EXP-a vulnerability warning-the black bar safety net

Last week that is in the 1 On 1 of 6 days, the security firm Aspect Security revealed in the Spring Framework Development Code, and found a significant security vulnerability. The vulnerability is named“remote code with Expression Language injection”in. They found that by sending a specific Sprin...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 update

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common...

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...