614 matches found
tomcat examples jsp XSS
Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
FrontAccounting 1.13 Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. FrontAccounting 1.13 Remote File Inclusion Vulnerabilities...
Fixed in Apache Tomcat 5.5.25, 5.0.SVN
Low: Cross-site scripting (CVE-2007-2449). JSPs within the examples web application did not escape user-provided data before including it in the output. This enabled an XSS attack. These JSPs now filter the data before use. This issue may be mitigated by undeploying the examples web application. Note...
CVE-2007-4724
CVE-2007-4724 describes a CSRF vulnerability in the Apache Tomcat calendar examples app, specifically in the file cal2.jsp of the calendar example. The issue allows a remote attacker to add events as arbitrary users by supplying the time and description parameters, enabling unauthorized calendar ...
Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability
Apache Tomcat/4.1.31 ships with built-in examples. One of the examples, calendar.jsp, suffers from an input validation error and could be exploited for cross-site scripting and cross-site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am3cscript3eale rt"XSS!"3c2fscript3e XSR...
A variety of URL deception of the century-vulnerability and early warning-the black bar safety net
This article has been published in Hack the X-Files magazine, issue 9..evil octal Starter..reprint please indicate the copyright. Author BLOG: http://www.ciker.org/ No. 7 of the X-Files hanging horse, don't forget phpwind Forum a text reference to the URL of the cheating ways has caused me great...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, relat...
CVE-2007-3383: XSS in Tomcat send mail example
CVE-2007-3383: XSS in Tomcat send mail example. Severity: Low (Cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: 4.0.0 to 4.0.6, 4.1.0 to 4.1.36. Description: When reporting error messages, the SendMailServlet does not filter user supplied data before display. This enable...
Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field
Overview: The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description: Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat includes a sample page called SendMailServlet,...
netflow-xss.txt
NetFlow Analyzer 5 & OpManager 7 multiple XSS. vendor url: http://www.adventnet.com/ advisory: http://lostmon.blogspot.com/2007/07/netflow-analizer-5-opmanager-7-multiple.html vendor notify: yes exploits include: yes NetFlow Analyzer and OpManager contain a flaw that allows a remote cross site...
VRNews 1.1.1 (admin.php) Remote Permission Bypass Vulnerability
No description provided by source. VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3. /VRNews/admin.php?act=confi...
Elkagroup Image Gallery 1.0 - SQL Injection
Image Gallery 1.0 SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz & xprog SCRIPT DOWNLOAD: N/A SITE:...
bugmall shopping cart 2.5 - SQL Injection / Cross-Site Scripting
BUG MALL SHOPPING CART 2.5 AND PRIOR SQL, XSS, DEFAULT LOGINS VULNERABILITIES. AUTHOR: t0pP8uZz & xprog...
Apache Tomcat snoop.jsp URI XSS
The remote Apache Tomcat web server includes an example JSP application, 'snoop.jsp', that fails to sanitize user-supplied input before using it to generate dynamic content. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to...
CVE-2007-2449.txt
CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples. Severity: low (cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.2...
[Full-disclosure] [CVE-2007-2449] Apache Tomcat XSS vulnerabilities in the JSP examples
CVE-2007-2449: Apache Tomcat XSS vulnerabilities in the JSP examples. Severity: low (cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: Tomcat 4.0.0 to 4.0.6, Tomcat 4.1.0 to 4.1.36, Tomcat 5.0.0 to 5.0.30, Tomcat 5.5.0 to 5.5.2...
CentOS 5 : tomcat (CESA-2007:0327)
Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. Tomca...
jakarta, tomcat5 security update
CentOS Errata and Security Advisory CESA-2007:0327 Updated tomcat packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Ja...
CVE-2007-2614
CVE-2007-2614 describes a PHP remote file inclusion vulnerability in the file examples/widget8.php of phpHtmlLib 2.4.0 and earlier. The flaw allows an attacker to cause remote PHP code execution by supplying a URL in the phphtmllib parameter. Affected component is the widget8 example within phpH...
CVE-2007-2614
PHP remote file inclusion vulnerability in examples/widget8.php in phpHtmlLib 2.4.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter...