633 matches found
Velocity安全管理系统HTTP服务器目录遍历漏洞
BUGTRAQ ID: 30261 Hirsch公司的Velocity安全管理系统是用于访问控制和安全操作的管理软件。 Velocity安全管理系统处理畸形用户请求时存在漏洞,远程攻击者可以向Velocity安全管理系统内嵌的WEB服务器提交恶意URL请求执行目录遍历攻击,导致下载服务器上的敏感数据。 Hirsch Electronics Velocity Security Management System 1.0 http://server:port/../../../../../../../../../../../../../etc/passwd...
Velocity Web Server directory traversal
No description provided...
Velocity Security Management System HTTP服务器目录遍历漏洞
BUGTRAQ ID: 30261 CNCAN ID:CNCAN-2008071704 Velocity Security Management System是一款系统管理程序。 Velocity Security Management System HTTP服务程序存在目录遍历攻击,远程攻击者可以利用漏洞以应用程序权限查看系统文件内容。 构建包含多个'../'字符作为参数数据,可绕过WEB ROOT限制,以应用程序权限查看系统文件内容。 Hirsch Electronics Velocity Security Management System 1.0 下载最新版本:...
DSECRG-08-028.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-028 Application: Velocity web-server a part of Velocity Security Management System Versions Affected: Old version 1.0 Vendor URL: http://hirschelectronics.com Bugs: Directory traversal File Download Exploits: YES Reported: 03.03.2008 Secon...
Cisco Security Advisory: Default Passwords in the Application Velocity System
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Default Passwords in the Application Velocity System Advisory ID: cisco-sa-20080123-avs http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml Revision 1.0 For Public Release 2008 January 23 1600 UTC GMT...
Cisco Application Velocity System default account
Password for default account is not generated during installation...
Default Passwords in the Application Velocity System
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
Move velocity templates and other web resources into WEB-INF in the Confluence webapp
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-9730. panel It presents a small information leak, and is just tidier if we put all the internal stuff into WEB-INF...
Move velocity templates and other web resources into WEB-INF in the Confluence webapp
It presents a small information leak, and is just tidier if we put all the internal stuff into WEB-INF...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape encode HTML entities in variables it interpolates in markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs including ones we haven't discovered yet. This affects all versions of Confluence...
Cisco Application Velocity System TCP port relaying
Default configuration allows any TCP port to be accessed with transparent HTTP proxy request...