CVE-2009-0417

The CVE-2009-0417 issue is an XSS vulnerability in AgaviWebRouting::gen(null) affecting Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8. It allows remote attackers to inject arbitrary script/HTML via a crafted URL that bypasses RFC 3986 handling in some browsers (e.g., IE6/IE7). The descript...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate was based on an incorrect claim regarding a directory issue in Agavi. The vendor has disputed the issue and the original researcher has retracted the original claim, so this is not a vulnerability. Further...

CVE-2008-4920

CVE-2008-4920 is rejected/not used as a vulnerability entry.

agavi-traverse.txt

AGAVI =Agavi 1.0.0 beta 5 Directory Transversal Exploit vendor : http://www.agavi.org/ affected versions : =Agavi 1.0.0 beta 5 latest found by t0fx // http://forum.europasecurity.org white hat crew // exploit : http://www.site.com/index.php?module=page&action=Display&pageref=pageref of the...

Agavi 1.0.0 beta 5 (cmplang) Remote File Disclosure Vulnerability

No description provided by source. AGAVI =Agavi 1.0.0 beta 5 Directory Transversal Exploit vendor : http://www.agavi.org/ affected versions : =Agavi 1.0.0 beta 5 latest found by t0fx // http://forum.europasecurity.org white hat crew // exploit :...