195 matches found

Kitploit
added 2014/02/27 12:2 a.m., 33 views

[Burp Co2] A collection of enhancements for Portswigger's popular Burp Suite web penetration testing tool

Co2 includes several useful enhancements bundled into a single Java-based Burp Extension. The extension has its own configuration tab with multiple sub-tabs for each Co2 module. Modules that interact with other Burp tools can be disabled from within the Co2 configuration tab, so there is no need...

AI score: 7.2
Exploits: 0

0day.today
added 2013/12/01 12:0 a.m., 31 views

Ametys CMS 3.5.2 XPath Injection Vulnerability

Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor:...

AI score: 7.4
Exploits: 0

exploitpack
added 2013/11/30 12:0 a.m., 15 views

Ametys CMS 3.5.2 - lang XPath Injection

Ametys CMS 3.5.2 - lang XPath Injection Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open...

AI score: 0.1
Exploits: 0

Exploit DB
added 2013/11/30 12:0 a.m., 27 views

Ametys CMS 3.5.2 - 'lang' XPath Injection

Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with ...

AI score: 7
Exploits: 0

Packet Storm
added 2013/11/30 12:0 a.m., 22 views

Ametys CMS 3.5.2 XPath Injection

Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with an easy-to-use and intuitive interface. Desc: Input passed v...

Exploits: 0

ThreatPost
added 2013/10/18 1:24 p.m., 14 views

Apache Struts Update Patches Two Vulnerabilities

The group behind Apache have pushed out a new version of Struts, fixing two issues in the framework that were giving developers difficulties over the past several weeks. The Apache Software Foundation posted version 2.3.15.3 of the framework online Tuesday. The release fixes an access control...

AI score: 7.7
Exploits: 0, References: 5

Tenable Nessus
added 2013/04/23 12:0 a.m., 16 views

JBoss Web Services Endpoint Enumeration

JBossWS, a framework similar to JAX-WS for making Java EE web services, is listening on the remote host and lists its registered endpoints.

AI score: 5.5
Exploits: 0, References: 1

Tenable Nessus
added 2013/03/27 12:0 a.m., 14 views

RHEL 5 / 6 : Oracle Java SE (RHSA-2013:0666)

Updates to the java-1.6.0-sun packages that disable the Java Web Browser Plug-in and Web Start included in these packages. As a result, customers who rely on Java-based browser applets may need to re-configure their browser to use one of the Java implementations listed in the Solution section...

AI score: 5.5
Exploits: 0, References: 3

myhack58
added 2012/12/19 12:0 a.m., 15 views

Struts2 vulnerability analysis: OGNL code execution analysis

1. Overview: In July 2010, a Struts2/XWork 2.2.0 Remote Command Execution Vulnerability was disclosed on exploitdb. It could be called a god-like vulnerability: an attacker only needs to construct the appropriate statement to have a good chance of gaining system privileges (System or root), because tomcat ...

AI score: 8.3
Exploits: 0

Tenable Nessus
added 2012/08/01 12:0 a.m., 27 views

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64

A denial of service flaw was found in the way certain strings were converted to Double objects. A remote attacker could use this flaw to cause Java-based applications to hang, for instance if they parse Double values in a specially crafted HTTP request. CVE-2010-4476 All running instances of...

CVSS: 5, AI score: 5.5, EPSS: 0.39874
Exploits: 1, References: 2

Packet Storm
added 2012/03/30 12:0 a.m., 15 views

JAMWiki 1.1.4 Cross Site Scripting

Title : JAMWiki 'num' Parameter Cross Site Scripting Vulnerability Author : Sooraj K.S SecPod Technologies www.secpod.com Vendor : http://jamwiki.org/wiki/en/JAMWiki Advisory : http://secpod.org/blog/?p=493 http://secpod.org/advisories/SecPodJamWikiXSSVuln.txt Software : JAMWiki 1.1.4 Date :...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2011/12/06 12:0 a.m., 158 views

IBM WebSphere Application Server Detection

IBM WebSphere Application Server, an application server for Java-based web applications, is running on the remote host.

AI score: 5.5
Exploits: 0, References: 1

The Hacker News
added 2011/05/09 1:41 p.m., 8 views

SWFRETools 1.1.0 - Adobe Flash SWF file reverse engineering !

SWFRETools 1.1.0 - Adobe Flash SWF file reverse engineering ! SWFRETools package contains three different tools. The most advanced tool is called Flash Dissector. It is a Java-based GUI tool you can use to inspect the binary content of SWF files. The second tool is a Java-based command-line tool...

AI score: 6.8
Exploits: 0

Zero Day Initiative
added 2011/01/10 12:0 a.m., 24 views

HP OpenView Network Node Manager jovgraph.exe displayWidth Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The exploit would require a crafted HTTP request to the target host. The specific flaw...

CVSS: 10, AI score: 2, EPSS: 0.29231
Exploits: 4, References: 1

ThreatPost
added 2010/06/21 2:40 p.m., 7 views

Malware Found on Lenovo Driver Download

The driver download portal of hardware manufacturer Lenovo temporarily deployed malicious code. Various virus scanners issued alerts about a Java-based Trojan downloader or dropper. Read the full article. The H Security...

AI score: 1.9
Exploits: 0, References: 1

exploitpack
added 2010/04/20 12:0 a.m., 10 views

Multi-Threaded HTTP Server 1.1 - Source Disclosure

Multi-Threaded HTTP Server 1.1 - Source Disclosure Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure Found By: DrIDE Date: Apr. 20, 2010 Download: http://voxel.dl.sourceforge.net/project/http/version1.1/%5BUnnamed%20release%5D/HTTPProjectfat.jar Tested on: Windows 7 - Description -...

AI score: 7.3
Exploits: 0

0day.today
added 2010/04/20 12:0 a.m., 11 views

MultiThreaded HTTP Server v1.1 Source Disclosure

Exploit for windows platform in category remote exploits MultiThreaded HTTP Server v1.1 Source Disclosure Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure Found By: DrIDE Date: Apr. 20...

AI score: 7.1
Exploits: 0

Exploit DB
added 2010/04/20 12:0 a.m., 22 views

Multi-Threaded HTTP Server 1.1 - Source Disclosure

Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure Found By: DrIDE Date: Apr. 20, 2010 Download: http://voxel.dl.sourceforge.net/project/http/version1.1/%5BUnnamed%20release%5D/HTTPProjectfat.jar Tested on: Windows 7 - Description - MultiThreaded HTTP Server v1.1 is a Java based HTTP...

AI score: 7.4
Exploits: 0

0day.today
added 2010/02/18 12:0 a.m., 26 views

Alkakon OpenCms 7.5.2 and below non persistent XSS

Exploit for unknown platform in category web applications Alkakon OpenCms 7.5.2 and below non persistent XSS Exploit Title: Alkakon OpenCms 7.5.2 and below non persistent XSS. Author: EgoPL...

AI score: 7.1
Exploits: 0

seebug.org
added 2009/10/28 12:0 a.m., 14 views

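Sun Java System Web Server Unspecified Remote Buffer Overflow Vulnerability

Bugtraq ID: 36813 Sun Java System Web Server is a Java-based web server. Sun Java System Web Server has an unspecified security vulnerability that remote attackers can exploit to trigger a buffer overflow, which can lead to arbitrary code execution. No detailed vulnerability information is currently available. Sun Java System Web Server 7.0 Update 6 No solution is currently available: http://wwws.sun.com/software/products/websrvr/homewebsrvr.html...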

AI score: 6.9
Exploits: 0