Computer Security


Apache Tomcat cross-site scripting
updated since 23.07.2007
Published: 04.09.2007
SecurityVulns ID: 7964
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in the sendmail.jsp, calendar and CookieExample example scripts.
Affected: APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
CVE: CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.)
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.)
Original document: tusharvartak_(at)_hotmail.com, Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability (04.09.2007)
 APACHE, CVE-2007-3384: XSS in Tomcat cookies example (03.08.2007)
 Mark Thomas, CVE-2007-3383: XSS in Tomcat send mail example (23.07.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.09.2007
SecurityVulns ID: 8116
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: 212CAFE : 212cafeBoard 6.30
 JOOMLA : Joomla 1.5
Original document: Lopez Bran, 212cafeBoard Sql injection (04.09.2007)
 Omid, Multiple vulnerabilities in Joomla 1.5 RC 1 (04.09.2007)
 home_edition200_(at)_irc.mildnet.org, SolpotCrew Advisory #15 (home_edition2001) - Weblogicnet (files_dir) Remote File Inclusion (04.09.2007)

MailMarshal mail gateway directory traversal
Published: 04.09.2007
SecurityVulns ID: 8117
Type: remote
Threat Level: 6/10
Description: A vulnerable, outdated ported version of the 'tar' utility is used, making it possible to overwrite system files via a directory traversal vulnerability.
Affected: MARSHAL : MailMarshal 6.21
Original document: S. Vandersee, Marshal MailMarshal TAR Unpacking Vulnerability (04.09.2007)

Tor cross-application scripting
Published: 04.09.2007
SecurityVulns ID: 8118
Type: client
Threat Level: 5/10
Description: Cross-application scripting via the Tor proxy error message.
Affected: TOR : tor 0.2
Original document: coderman_(at)_gmail.com, Tor security advisory: cross-protocol http form attack (04.09.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod