24 matches found
CVE-2025-57784
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
EUVD-2025-206342
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2025-57784
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
CVE-2025-57784
CVE-2025-57784 refers to a Tomahawk authentication timing attack in the Hiawatha webserver (version 11.7) caused by the use of strcmp in the admin handling path, which could enable a local attacker to access the management client. The Red Hat and CVE records corroborate the issue as a local-timin...
CVE-2025-57784 Tomahawk authentication timing attack due to usage of 'strcmp'
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
PT-2026-4797
Tomahawk auth timing attack due to usage of strcmp has been identified in Hiawatha webserver version 11.7 which allows a local attacker to access the management client...
EUVD-2002-1424
Malware in sbrugna...
tomahawk.fishingreservations.net Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1020084 Security Researcher Gh05tPT Helped patch 6901 vulnerabilities Received 10 Coordinated Disclosure badges Received 48 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
Cross-site Scripting (XSS)
tomahawk is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the autoScroll parameter, allowing XSS attacks...
Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to launch...
Apache MyFaces Tomahawk JSF Application autoscroll Multiple XSS
The remote web server uses an implementation of the Apache MyFaces Tomahawk JSF framework that fails to sanitize user-supplied input to the 'autoScroll' parameter before using it to generate dynamic content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrar...
CVE-2007-3101
Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...
CVE-2007-3101
Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...
CVE-2007-3101
CVE-2007-3101 corresponds to XSS in Apache MyFaces Tomahawk JSF framework prior to 1.1.6. The vulnerability arises from unsanitized autoscroll input that is injected into Javascript sent to clients, enabling remote script execution in the user’s browser. Remediation: upgrade to MyFaces Tomahawk 1...
Apache MyFaces Tomahawk JSF架构Autoscroll参数跨站脚本漏洞
Java Server Faces, JSF是一款用于建立服务端GUI WEB应用程序的架构。 Java Server Faces, JSF不正确过滤用户提交的HTTP请求,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 当从POST或者GET请求解析'autoscroll'参数时,由于不充分过滤,可导致提交恶意脚本代码作为参数,当其他用户解析时可泄露敏感信息。 Apache MyFaces Tomahawk 1.1.5 升级程序: Apache MyFaces Tomahawk 1.1.5 Apache tomahawk-1.1.6-bin.tar.gz...
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability
Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...
Apache MyFaces Tomahawk crossite scripting
Crossite scripting on 'autoscroll' parameter...
Apache MyFaces Tomahawk JSF Framework 1.1.5 - Autoscroll Cross-Site Scripting
Apache MyFaces Tomahawk JSF Framework 1.1.5 - Autoscroll Cross-Site Scripting source: https://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this...