Centrinity FirstClass HTTP Server Cross Site Scripting

Product: FirstClass HTTP Server Developer: Centrinity URL: http://www.centrinity.com Description: Injected code is rendered in the context of the vulnerable page. Exploit: http://TARGET/.Templates/Commands/Upload.shtml?TargetName=scriptalert'XSS'/script It may be possible to steal cookies from...

FirstClass 7.1 HTTP Server: Remote Directory Listing

FirstClass 7.1 HTTP Server allow the listing of all files under the web root directory and user web directories. This can be achieved by appending "/Search" to the URL. The browser will present a file searching form. If all check boxes search options are selected, and the filename text box is lef...