455 matches found
iDefense Security Advisory 06.14.07: Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting (XSS) Vulnerability
Apache MyFaces Tomahawk JSF Framework Cross-Site Scripting XSS Vulnerability iDefense Security Advisory 06.14.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2007 I. BACKGROUND Java Server Faces, JSF, is a framework used to create server side GUI Web applications. It is comparab...
JVN#64851600 Apache Tomcat sample web application cross-site scripting vulnerability
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application included in Apache Tomcat, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user'...
[Full-disclosure] [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples Severity: low cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.2...
CVE-2007-1355.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat...
Apache Struts Error Response Cross-Site Scripting Vulnerability
Struts is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...
CVE-2006-1547
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1548
Cross-site scripting XSS vulnerability in 1 LookupDispatchAction and possibly 2 DispatchAction and 3 ActionDispatcher in Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...
Information disclosure
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1548
Cross-site scripting XSS vulnerability in 1 LookupDispatchAction and possibly 2 DispatchAction and 3 ActionDispatcher in Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...
CVE-2006-1547
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1546
Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check...
CVE-2006-1547
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1547
ActionForm in Apache Software Foundation ASF Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to...
CVE-2006-1548
CVE-2006-1548 is an XSS vulnerability in Apache Struts prior to 1.2.9. The flaw allows remote attackers to inject arbitrary script/HTML via the request parameter name in LookUpDispatchAction, and possibly DispatchAction and ActionDispatcher, with the error message not filtering the input. Connect...
CVE-2006-1546
CVE-2006-1546 : Apache Struts 1.x before 1.2.9 is vulnerable to bypassing validation via a request param org.apache.struts.taglib.html.Constants.CANCEL, causing the action to be canceled but may not be detected by applications that skip isCancelled(). Affects Struts 1.x components and can lead to...
Lutece XSS vuln.
Lutece XSS vuln. Vuln. discovered by : r0t Date: 18 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/lutece-xss-vuln.html vendor:http://lutece.paris.fr affected version:1.2.3 and prior Product Description: Lutece is a web portal engine that lets you quickly create internet or intran...
CVE-2005-2728
The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service memory consumption via an HTTP header with a large Range field...
[SECURITY] [DSA 689-1] New mod_python packages fix information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 689-1 [email protected] http://www.debian.org/security/ Martin Schulze February 23rd, 2005 http://www.debian.org/security/faq -...
DSA-689-1 libapache-mod-python - missing input sanitising
Bulletin has no description...
mod_python -- information leakage vulnerability
Mark J Cox reports: Graham Dumpleton discovered a flaw which can affect anyone using the publisher handle of the Apache Software Foundation modpython. The publisher handle lets you publish objects inside modules to make them callable via URL. The flaw allows a carefully crafted URL to obtain extr...