567 matches found
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) Vulnerability found: 19th December 2007 Vendor informed: 14th January 2007 Vulnerability fixed: the vendor did not respond, however a workaround has been included in the "Fix" section of this...
ProCheckUp Security Advisory 2008.1
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP) Vulnerability found: 19th December 2007 Vendor informed: 14th January 2007 Vulnerability fixed: the vendor did not respond, however a workaround has been included in the "Fix" section of this...
ProCheckUp Security Advisory 2007.39
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection
PR07-39: Multiple vulnerabilities on Absolute News Manager.NET 5.1 including file retrieval and SQL injection Vulnerabilities found: 16 November 2007 Vendor informed: 19 November 2007 Vulnerability fixed: 28 November 2007 Severity: High Description: Multiple vulnerabilities were found on Absolute...
Absolute News Manager .NET 5.1 - 'getpath.aspx' Direct Request Error Message Information
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues. Attackers can exploit these issues to steal cookie-based authentication...
PR07-20: Webroot disclosure on Webbler CMS
PR07-20: Webroot disclosure on Webbler CMS This advisory has been published following consultation with UK CPNI formerly known as NISCC Date Found: 14th June 2007 Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as well. Note: the version number is usually...
Apache Tomcat 5.x/6.0.x - Directory Traversal
Apache Tomcat 5.x/6.0.x - Directory Traversal source: https://www.securityfocus.com/bid/22960/info Apache HTTP servers running with the Tomcat servlet container are prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issu...
SEC Consult SA-20070314-0 :: Apache HTTP Server / Tomcat directory traversal
SEC Consult Security Advisory 20070314-0 ======================================================================= title: Apache HTTP Server / Tomcat directory traversal program: Apache HTTP Server / Apache Tomcat vulnerable version: Apache Tomcat 5.x: 5.5.22 Apache Tomcat 6.x: 6.0.10 CVE:...
Spyce 2.1.3 - /spyce/examples/formtag.spy Multiple Cross-Site Scripting Vulnerabilities
Spyce 2.1.3 - /spyce/examples/formtag.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...
Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - docs/examples/handlervalidate.spy?x Cross-Site Scripting
Spyce 2.1.3 - docs/examples/handlervalidate.spy?x Cross-Site Scripting source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to...
Spyce 2.1.3 - spyce/examples/getpost.spy?Name Cross-Site Scripting
Spyce 2.1.3 - spyce/examples/getpost.spy?Name Cross-Site Scripting source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execu...
Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure
Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may...
Spyce 2.1.3 - '/docs/examples/redirect.spy' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - 'spyce/examples/request.spy?name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - 'docs/examples/handlervalidate.spy?x' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - /docs/examples/redirect.spy Multiple Cross-Site Scripting Vulnerabilities
Spyce 2.1.3 - /docs/examples/redirect.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...
Spyce 2.1.3 - '/spyce/examples/formtag.spy' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - 'spyce/examples/getpost.spy?Name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
DotClear Full Path Disclosure Vulnerability
I have contacted the developers 2 weeks ago, still no answer... Vendor: DotClear Vulnerable: DotClear 1.2.5 and below Release Date: 2007-01-28 Full Path Disclosure This vulnerability affects: http://www.example.com/dotclear/themes/default/form.php...