SUSE-SU-2024:4106-1 Security update for tomcat

This update for tomcat fixes the following issues: - Update to Tomcat 9.0.97 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt + Add:...

SUSE-SU-2024:4105-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.33 Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status bsc1233434 Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints. markt +...

Telesquare SKT LTE Router SDT-CS3B1 WebDAV HTTP Methods Arbitrary File Events

Summary We introduce SDT-CS3B1 LTE router which is a SKT 3G and 4G LTE wireless communication based LTE router product. Description WebDAV is enabled with directory listing and dangerous HTTP methods allowed: PROPFIND, DELETE, MKCOL, PUT, MOVE, COPY, PROPPATCH, LOCK and UNLOCK. The HTTP PUT metho...

Apache Jackrabbit WebDAV XXE Exploit

Exploit for java platform in category web applications !/usr/bin/env python """ Exploit Title: Jackrabbit WebDAV XXE Date: 25-05-2015 Software Link: http://jackrabbit.apache.org/jcr/ Exploit Author: Mikhail Egorov Contact: 0ang3el gmail com Website: http://0ang3el.blogspot.com CVE: CVE-2015-1833...

CVE-2007-6687

Multiple cross-site scripting XSS vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the 1 Core or 2 add-item modules; or via 3 HTTP PROPPATCH in the WebDAV module...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Menalto Gallery before 2.2.4 allow remote attackers to inject arbitrary web script or HTML via crafted filenames to the 1 Core or 2 add-item modules; or via 3 HTTP PROPPATCH in the WebDAV module...