40 matches found
EUVD-2002-2069
Malware in sbrugna...
EUVD-2000-1206
Malware in sbrugna...
EUVD-2001-0812
Malware in sbrugna...
EUVD-2003-1503
Malware in sbrugna...
EUVD-2004-0280
Malware in sbrugna...
EUVD-2010-2052
Malware in sbrugna...
CVE-2002-2090
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
Caucho Technology Resin 1.2/1.3 JavaBean Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside in a protected...
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability
No description provided by source. Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for...
Resin Application Server 4.0.36 - Source Code Disclosure
Resin Application Server 4.0.36 - Source Code Disclosure Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java...
Resin Application Server 4.0.36 XSS / Source Code Disclosure
Resin Application Server version 4.0.36 suffers from a cross site scripting / source code disclosure vulnerabilities. Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional...
Resin Application Server 4.0.36 - Source Code Disclosure
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...
Resin Application Server 4.0.36 Source Code Disclosure
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability Vendor: Caucho Technology, Inc. Product web page: http://www.caucho.com Affected version: Resin Professional Web And Application Server 4.0.36 Summary: Resin is the Java Application Server for high traffic sites that require spe...
Resin Application Server 4.0.36 Source Code Disclosure Vulnerability
Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description The vulnerability is caused do to an improper sanitization of the 'fil...
Resin Application Server 4.0.36 Cross-Site Scripting Vulnerabilities
Summary Resin is the Java Application Server for high traffic sites that require speed and scalability. It is one of the earliest Java Application Servers, and has stood the test of time due to engineering prowess. Description Resin Application and Web Server suffers from a XSS issue due to a...
CVE-2010-2032
CVE-2010-2032 concerns multiple XSS flaws in Caucho Resin’s resin-admin/digest.php. Affected products include Resin Professional 3.1.5, 3.1.10, 4.0.6 (and potentially other versions). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the digest_realm or digest_...
Caucho Technology Resin digest.php Cross Site Scripting Vulnerability
This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parametersthe malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. exp:...
resin 1.2 目录遍历漏洞
Caucho Technology Resin 1.2.2存在一个安全问题。远程用户可以获取http根 目录之外的文件的读取权限。通过构造一个特别的包含'/..'或者'/...'的URL, 可能导致目录遍历。 此问题只影响在Windows NT/2000系统中安装的Resin. 测试方法: joetesta ([email protected]提供了如下演示代码: http://localhost:8080/../readme.txt 建议: 厂商补丁: Caucho Technology已经提供了Resin 1.2.3,此版本已经解决了此安全问题。 下载地址:...
CVE-2003-1513
CVE-2003-1513 concerns multiple XSS vulnerabilities in Caucho Technology Resin 2.0–2.1.2, exposed via example scripts (env.jsp, form.jsp, session.jsp, tictactoe.jsp with the move parameter, and guestbook.jsp with name/comment fields). The root cause is the failure to properly sanitize user-suppli...