25 matches found
EUVD-2009-4459
Malware in sbrugna...
EUVD-2006-0822
Malware in sbrugna...
EUVD-2002-1838
Malware in sbrugna...
CVE-2002-1859
Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot "WEB-INF."...
Orion Application Server 1.5.2b Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications Orion Application Server - Cross Site Scripting Tested on: Orion Application Server 1.5.2b Date: Ago 09, 2020 Informer: Pablo Rebolini - Cross Site Scripting Poc: GET http://x.x.x.x/%3Cscript%3Ealert%22xss'ed%22%3C/script%3E Dork: "Orion...
Orion Application Server 1.5.2b Cross Site Scripting
Orion Application Server - Cross Site Scripting Tested on: Orion Application Server 1.5.2b Date: Ago 09, 2020 Informer: Pablo Rebolini - Cross Site Scripting Poc: GET http://x.x.x.x/%3Cscript%3Ealert%22xss'ed%22%3C/script%3E Dork: "Orion Application Server" "up and running"...
Orion Application Server <= 2.0.7 Terminal Escape Sequence in Logs Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in ...
CVE-2009-4493
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
CVE-2009-4493
CVE-2009-4493 affects Orion Application Server 2.0.7. The vulnerability arises from writing to logs without sanitizing non‑printable characters, enabling an attacker to send an HTTP request containing terminal escape sequences that could modify a window title or, in the worst case, execute arbitr...
Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective righ...
Orion Application Server Terminal Escape Sequence in Logs Command Injection Vulnerability
Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Orion Application Server 2.0.7 is vulnerable; other versions may also be...
Orion Application Server 2.0.7 - 'Terminal Escape Sequence in Logs' Command Injection
source: https://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Orion Application Serv...
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection
Orion Application Server 2.0.7 - Terminal Escape Sequence in Logs Command Injection source: https://www.securityfocus.com/bid/37717/info Orion Application Server is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can...
Orion Application Server Web Examples Multiple XSS
The remote web server uses Orion Application Server, an application server hosted on a Java2 platform. It currently makes available at least one example JSP application that fails to sanitize user-supplied input before using it to generate dynamic HTML output. Specifically, the 'item' parameter o...
Orion Application Server Cross Site Scripting
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application server example pages are vulnerable to XSS. Orion application...
Various Orion application server example pages are vulnerable to XSS.
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application server example pages are vulnerable to XSS. Orion application...
Orion Application Server Crafted Filename Extension JSP Script Source Disclosure
The remote host is running Orion Application Server, an application server running on a Java2 platform. According to its banner, the version of Orion installed on the remote Windows host fails to properly validate filename extensions in URLs. A remote attacker may be able to leverage this issue t...
Design/Logic Flaw
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...